[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jul 8 15:02:17 CEST 2006

On Fri 07 Jul 2006 09:12, Florian Weimer wrote:

> > Indeed. The RSA parameters are quite short 512 bits so they need
> > quite frequent regeneration.
> I would be surprised if RSA_EXPORT support is needed at all.  I don't
> see it in my mail server logs, and don't you need a special server
> certificate to enable it anyway?

The only requirement is for the server certificate to be able to be used 
for signing.

> > The DH parameters could be there for months or so (if they are over
> > 1024 bits).
> And they don't need to be based on bits from /dev/random.

Indeed. But in the versions of linux used, they depleted the same pool, 
thus again /dev/random was blocked.


More information about the Gnutls-help mailing list