[gnutls-help] gnutls_dh_set_prime_bits question
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jul 2 00:22:41 CEST 2013
On 07/01/2013 05:50 PM, Ted Zlatanov wrote:
> We understand it's insecure. Our users have told us some servers won't
> work without it.
I'd be curious to know which servers fail like this. on those servers,
i'd say you'd be better off just not negotiating the any of the DHE
ciphersuites at all, rather than forcing the connection to a
trivially-crackable diffie-hellman exchange.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1027 bytes
Desc: OpenPGP digital signature
More information about the Gnutls-help