[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Jul 8 15:02:17 CEST 2006
On Fri 07 Jul 2006 09:12, Florian Weimer wrote:
> > Indeed. The RSA parameters are quite short 512 bits so they need
> > quite frequent regeneration.
> I would be surprised if RSA_EXPORT support is needed at all. I don't
> see it in my mail server logs, and don't you need a special server
> certificate to enable it anyway?
The only requirement is for the server certificate to be able to be used
for signing.
> > The DH parameters could be there for months or so (if they are over
> > 1024 bits).
> And they don't need to be based on bits from /dev/random.
Indeed. But in the versions of linux used, they depleted the same pool,
thus again /dev/random was blocked.
regards,
Nikos
More information about the Gnutls-help
mailing list