> As an additional change for 1.0.2c or later (no need to
> delay the urgent fix), maybe adjust internal operations
> to discourage use of hardcoded DH groups for TLS DH (but
> NOT for generic DH-like operations such as openssl-based
> implementations of SRP).

That's going to be tough because standards groups like the TLS WG are
actively promoting fully specified, named parameters and curves.

See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
Parameters for TLS",
https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
the discussion of magic primes at "Re: [TLS] Another IRINA bug in
TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
(The thread is due to the recent attacks on DH.)

Jeff
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
