[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel

Florian Weimer fweimer at bfk.de
Fri Jul 7 09:12:16 CEST 2006

* Nikos Mavrogiannopoulos:

> Indeed. The RSA parameters are quite short 512 bits so they need quite 
> frequent regeneration.

I would be surprised if RSA_EXPORT support is needed at all.  I don't
see it in my mail server logs, and don't you need a special server
certificate to enable it anyway?

> The DH parameters could be there for months or so (if they are over
> 1024 bits).

And they don't need to be based on bits from /dev/random.

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Durlacher Allee 47            tel: +49-721-96201-1
D-76131 Karlsruhe             fax: +49-721-96201-99

More information about the Gnutls-help mailing list