[gnutls-help] gnutls_dh_set_prime_bits question
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jul 2 00:22:41 CEST 2013
On 07/01/2013 05:50 PM, Ted Zlatanov wrote:
> We understand it's insecure. Our users have told us some servers won't
> work without it.
I'd be curious to know which servers fail like this. on those servers,
i'd say you'd be better off just not negotiating the any of the DHE
ciphersuites at all, rather than forcing the connection to a
trivially-crackable diffie-hellman exchange.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130701/41943422/attachment.sig>
More information about the Gnutls-help
mailing list