On Wed, Jul 04, 2018 at 07:57:41AM +0000, Peter Gutmann wrote:
> Ilari Liusvaara <ilariliusva...@welho.com> writes:
> 
> >A more serious problem is servers returning too small a modulus due to lack of
> >negotiation. Which was the reason why Chrome disabled DHE.
> 
> Why not reject the handshake if the modulus is too small, rather than
> disabling all DHE suites on the off chance that the server returns a value you
> don't like?

Chrome initially did that. It caused quite a lot of bad feedback from
owners of various bad embedded stuff. The thread on relevant forums was
quite something. Hundreds of messages blaming Google for breaking
stuff.


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
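
The client-side check discussed in this message, as an added example that is not part of the original thread or any browser's code: it parses the ServerDHParams body of a TLS 1.2 ServerKeyExchange (RFC 5246, dh_p, dh_g, dh_Ys) and says whether to abort the handshake. The 2048-bit threshold, the function names and the sample values are assumptions.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy value; the thread names no figure

def _vec16(buf, off):
    """Read one opaque<1..2^16-1> field; return (bytes, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("bad field length")
    return buf[off + 2:off + 2 + n], off + 2 + n

def check_dhe_group(body, min_bits=MIN_DH_BITS):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys); return (ok, reason)."""
    try:
        off, vals = 0, []
        for _ in range(3):
            raw, off = _vec16(body, off)
            vals.append(int.from_bytes(raw, "big"))
    except ValueError as e:
        return False, f"malformed ServerDHParams: {e}"
    p, g, ys = vals
    # bit_length() ignores leading zero bytes, so a short modulus padded
    # out to a long field is still measured at its real size.
    if p.bit_length() < min_bits:
        return False, f"modulus too small: {p.bit_length()} < {min_bits} bits"
    if not (1 < g < p - 1) or not (1 < ys < p - 1):
        return False, "generator or public value out of range"
    return True, "ok"

def encode(p, g, ys, p_len=None):
    """Build a constructed ServerDHParams body for the samples below."""
    def vec(n, size=None):
        raw = n.to_bytes(size or (n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    return vec(p, p_len) + vec(g) + vec(ys)

# Constructed sample moduli: only their length matters here, they are
# not real primes and primality is not checked.
P512, P2048 = (1 << 511) | 1, (1 << 2047) | 1

if __name__ == "__main__":
    for name, body in [("512-bit", encode(P512, 2, 5)),
                       ("512-bit padded to 256 bytes", encode(P512, 2, 5, 256)),
                       ("2048-bit", encode(P2048, 2, 5)),
                       ("truncated", encode(P2048, 2, 5)[:40])]:
        print(name, "->", check_dhe_group(body))
```

The check can only run after the server has already chosen its group, which is the lack of negotiation the quoted text refers to: a failed check ends the connection rather than steering it to a larger group.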
