
Re: tlsa for smtp to @bugs.debian.org

On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
> I think gnutls by default has a minimum size of 727 for the DH
> size while openssl doesn't have any check for this.  But if you're
> using DH you really want to move to something like 2048 if
> possible.

This prime size is pretty irrelevant for opportunistic TLS.  If the
server is prepared to do an unencrypted session, then some encryption is
better than no encryption.


Those who hate and fight must stop themselves -- otherwise it is not stopped.
		-- Spock, "Day of the Dove", stardate unknown
