[gnutls-help] dh_params - docs
ametzler at bebt.de
Sun Aug 16 14:44:33 CEST 2020
The API reference manual says this about gnutls_certificate_set_dh_params():
| gnutls_certificate_set_dh_params is deprecated and should not be used in
| newly-written code.
| This function is unnecessary and discouraged on GnuTLS 3.6.0 or later.
| Since 3.6.0, DH parameters are negotiated following RFC7919.
Which I would read as "when upgrading code to
(only) work with gnutls 3.6.0 one should delete any
gnutls_certificate_set_dh_params()-invocations since they are
unnecessary because GnuTLS will automatically do RFC7919 negotiation."
However it looks like (see below) that is not true, there is no
automation but gnutls_certificate_set_dh_params needs to be replaced with
To verify this, take ex-serv-x509 and remove
After this change
openssl s_client -connect localhost:5556 -cipher DHE-RSA-AES256-GCM-SHA384 -tls1_2
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'