Re: [PATCH] Re: Logjam mitigation for Wheezy?

To: debian-security@lists.debian.org
Subject: Re: [PATCH] Re: Logjam mitigation for Wheezy?
From: Thorsten Glaser <tg@mirbsd.de>
Date: Mon, 8 Jun 2015 10:00:00 +0000 (UTC)
Message-id: <[🔎] loom.20150608T115712-421@post.gmane.org>
References: <20150520164735.GB24453@randomstring.org> <1633427.sqntbNTtro@k> <[🔎] alpine.DEB.2.20.1506031603380.14887@tglase.lan.tarent.de> <[🔎] 7468885.v8Xxc1WnWR@k>

Stefan Fritsch <sf <at> sfritsch.de> writes:

> And custom DH groups are not that easy to handle in an automated way. 

Right. I’m currently suggesting each “site” to generate one and
roll that out for the whole “site” (e.g. company, project).

> For example on a cubietruck (Cortex A7), generation of a 2048 bit 
> group takes about one hour.

Huh, fun. It took about 40 minutes both on my desktop (Debian sid/x32,
AMD Phenom II X4 965 @ 3.4 GHz) and home server (MirBSD/i386, Intel
Pentium-MMX @ 233 MHz).

> Upstream jumped through quite a few hoops to make the patch work with 
> openssl 0.9.8. We don't need that for wheezy (which has 1.0.1e), but 
> it may come handy for squeeze when someone wants to do the backport.

Mh. Still, “something like this” should be included in wheezy itself RSN.

bye,
//mirabilos

Reply to:

Follow-Ups:
- Re: [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Thorsten Glaser <t.glaser@tarent.de>
- Re: [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Re: [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
Next by Date: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Previous by thread: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Next by thread: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Index(es):
- Date
- Thread