Re: tlsa for smtp to @bugs.debian.org
On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
> > The problem in the referenced URI is that gnutls refuses to tolerate
> > a less secure DH key size. Here, gnutls refuses to tolerate a less
> > secure hash algorithm.
>
> I think gnutls by default has a minimum size of 727 for the DH
> size while openssl doesn't have any check for this. But if you're
> using DH you really want to move to something like 2048 if
> possible.
It might be that that check is only there is testing/unstable.
And buxtehude seems to be using 2048 bits.
Kurt
Reply to: