Re: tlsa for smtp to @bugs.debian.org
On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
> I think gnutls by default has a minimum size of 727 for the DH
> size while openssl doesn't have any check for this. But if you're
> using DH you really want to move to something like 2048 if
> possible.
This prime size is pretty irrelevant for opportunistic TLS. If the
server is prepared to do unencrypted session, then some encryption is
better then no encryption.
Bastian
--
Those who hate and fight must stop themselves -- otherwise it is not stopped.
-- Spock, "Day of the Dove", stardate unknown
Reply to: