On Mon, Jun 08, 2015 at 10:00:00AM +0000, Thorsten Glaser wrote:
> Stefan Fritsch <sf <at> sfritsch.de> writes:
>
> > And custom DH groups are not that easy to handle in an automated way.
>
> Right. I'm currently suggesting each "site" to generate one and
> roll that out for the whole "site" (e.g. company, project).

Please note that the website still says that everybody should generate their own 2048 bit DH key, but on the IETF TLS list they said that wasn't needed and they would update their site. 2048 bit DH should still be strong enough that not everybody needs to generate their own.

Kurt