[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel
fweimer at bfk.de
Fri Jul 7 09:12:16 CEST 2006
* Nikos Mavrogiannopoulos:
> Indeed. The RSA parameters are quite short 512 bits so they need quite
> frequent regeneration.
I would be surprised if RSA_EXPORT support is needed at all. I don't
see it in my mail server logs, and don't you need a special server
certificate to enable it anyway?
> The DH parameters could be there for months or so (if they are over
> 1024 bits).
And they don't need to be based on bits from /dev/random.
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Durlacher Allee 47 tel: +49-721-96201-1
D-76131 Karlsruhe fax: +49-721-96201-99
More information about the Gnutls-help