Re: [PATCH 0/2] gnutls: Be more clever about DH key size
On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
See 2/2 for explanation.
Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
But that would require bumping minimal required version to gnutls-3.6.0
and I'm not sure how available it is in OSes we support. Therefore, for
As far as I can tell from repology.org all the major distros have 3.6.x
in more than one version and definitely all those that we have in the
CI, so I'd say bump that.
now let's stick with patch 2/2.
1: https://www.gnutls.org/manual/html_node/Parameter-generation.html
Michal Prívozník (2):
virnettlscontext: Drop gnutls_dh_set_prime_bits()
virnettlscontext: Don't pass static key length to
gnutls_dh_params_generate2()
src/rpc/virnettlscontext.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--
2.32.0
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)