Peter, so your complaint is about the lack of support for explicitly specified (non-"named") groups? That's completely intentional, see the RFC's abstract. (It *shouldn't* be that much of a problem that the server might be using a ill-chosen group, because if the server does dumb things we can't save it anyway. However, given all the complexities of the TLS handshake, there's actually more that can fall apart if the group is bad.)
Bodo
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
