Re: [PATCH] gnutls DH prime minimum for wheezy, plus question about openssl
On Fri, Jun 05, 2015 at 01:56:18PM +0200, Thorsten Glaser wrote:
>
> OpenSSL upstream is said (citation needed) to wish to require a
> 1024 bit minimum in some later version but require 768 bits now.
http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> I cannot find this in either upstream's 1.0.2a release or the one
> currently in sid.
It should end up in all suites in Debian soon.
> I did find it as commit 10a70da729948bb573d27cef4459077c49f3eb46
> in upstream's git, except the error path needs to set al too AFAICS.
I'm not sure what you mean. The ssl3_check_cert_and_algorithm()
function doesn't have an "al" variable, it always sends the
SSL_AD_HANDSHAKE_FAILURE alert.
Kurt