On 12-Sep-2013, at 1:18, Florian Weimer wrote:
> I suppose the simplest mitigation would be to avoid ephemeral
> Diffie-Hellman key agreement altogether, that is, remove it from the
> cipher suite default.
By the way this ticket is a dup of #676563
--srs
--
To UNSUBSCRIBE, email to debian-bu
On 12-Sep-2013, at 1:18, Florian Weimer wrote:
> I suppose the simplest mitigation would be to avoid ephemeral
> Diffie-Hellman key agreement altogether, that is, remove it from the
> cipher suite default.
Dispensing with gnutls and using openssl like most other distros do would
possibly make m
* Suresh Ramasubramanian:
> Possibly good crypto but extremely bad for interoperability, and obviously
> ends
> up in a lot of email being sent out unencrypted / cleartext when at least a
> base level of TLS should have been available and usable.
>
> Setting tls_dh_min_bits=512 in remote_smtp doe
Package: exim4
Version: 4.80-7
Followup-For: Bug #684340
This issue is still around in 4.80-7 on wheezy.
Longish thread on postfix-users as well, with an exim developer (Phil Pennock)
discussing this bug with Wietse and Viktor Dukhovni.
66_enlarge-dh-parameters-size.dpatch in gnutls is the issue
Package: exim4
Version: 4.80-3
It's reported on the Internet that version 4.77 doesn't have this
problem. After updating from v. 4.72, attempts to sent out email to my
ISP failed and all messages bounced back to me. After some checking I
found out that apparently the option tls_dh_min_bits has h
5 matches
Mail list logo
