Re: tlsa for smtp to @bugs.debian.org

To: James Cloos <cloos@jhcloos.com>
Cc: debian-devel@lists.debian.org, debian-admin@lists.debian.org
Subject: Re: tlsa for smtp to @bugs.debian.org
From: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 13 Sep 2013 23:17:41 +0200
Message-id: <[🔎] 20130913211741.GB7721@roeckx.be>
In-reply-to: <[🔎] 20130913205106.GA7721@roeckx.be>
References: <[🔎] m3hadq7v5s.fsf@carbon.jhcloos.org> <[🔎] m3bo3y5zno.fsf@carbon.jhcloos.org> <[🔎] 87txhq8s9s.fsf@qurzaw.varnish-software.com> <[🔎] 20130913102803.GB31162@bongo.bofh.it> <[🔎] m3hado4zos.fsf@carbon.jhcloos.org> <[🔎] 20130913205106.GA7721@roeckx.be>

On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
> > The problem in the referenced URI is that gnutls refuses to tolerate
> > a less secure DH key size.  Here, gnutls refuses to tolerate a less
> > secure hash algorithm.
> 
> I think gnutls by default has a minimum size of 727 for the DH
> size while openssl doesn't have any check for this.  But if you're
> using DH you really want to move to something like 2048 if
> possible.

It might be that that check is only there is testing/unstable.
And buxtehude seems to be using 2048 bits.


Kurt

Reply to:

References:
- tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: tlsa for smtp to @bugs.debian.org
  - From: md@Linux.IT (Marco d'Itri)
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Re: tlsa for smtp to @bugs.debian.org
Next by Date: Re: tlsa for smtp to @bugs.debian.org
Previous by thread: Re: tlsa for smtp to @bugs.debian.org
Next by thread: Re: tlsa for smtp to @bugs.debian.org
Index(es):
- Date
- Thread