Re: tlsa for smtp to @bugs.debian.org

To: debian-devel@lists.debian.org
Subject: Re: tlsa for smtp to @bugs.debian.org
From: Bastian Blank <waldi@debian.org>
Date: Fri, 13 Sep 2013 23:23:39 +0200
Message-id: <[🔎] 20130913212338.GB24058@mail.waldi.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20130913205106.GA7721@roeckx.be>
References: <[🔎] m3hadq7v5s.fsf@carbon.jhcloos.org> <[🔎] m3bo3y5zno.fsf@carbon.jhcloos.org> <[🔎] 87txhq8s9s.fsf@qurzaw.varnish-software.com> <[🔎] 20130913102803.GB31162@bongo.bofh.it> <[🔎] m3hado4zos.fsf@carbon.jhcloos.org> <[🔎] 20130913205106.GA7721@roeckx.be>

On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
> I think gnutls by default has a minimum size of 727 for the DH
> size while openssl doesn't have any check for this.  But if you're
> using DH you really want to move to something like 2048 if
> possible.

This prime size is pretty irrelevant for opportunistic TLS.  If the
server is prepared to do unencrypted session, then some encryption is
better then no encryption.

Bastian

-- 
Those who hate and fight must stop themselves -- otherwise it is not stopped.
		-- Spock, "Day of the Dove", stardate unknown

Reply to:

Follow-Ups:
- Re: tlsa for smtp to @bugs.debian.org
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: tlsa for smtp to @bugs.debian.org
  - From: md@Linux.IT (Marco d'Itri)
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Re: tlsa for smtp to @bugs.debian.org
Next by Date: Re: tlsa for smtp to @bugs.debian.org
Previous by thread: Re: tlsa for smtp to @bugs.debian.org
Next by thread: Re: tlsa for smtp to @bugs.debian.org
Index(es):
- Date
- Thread