Hanno Böck <ha...@hboeck.de> writes:

>I suggest reading:
>https://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html
>https://eprint.iacr.org/2016/644
>https://www.openssl.org/news/secadv/20160128.txt

This just confirms what I said previously, this is an overreaction to a completely artificial situation. The first link is to a problem with a badly broken implementation, the second and third are to the use of maliciously-generated parameters. If your server is deliberately serving up malicious parameters then you have bigger things to worry about than the crypto.

To put this another way, if I show that a malicious server can break TLS 1.3, does that mean we have to throw it out and start bikeshedding TLS 1.4?

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls