author | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
commit | a799883d8ad340d935db4d729a31c02cb8a1d977 (patch) | |
tree | 3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /doc/doc-txt | |
parent | cae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff) |
For DH, use standard primes from RFCs
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/ChangeLog | 5 | ||||
-rw-r--r-- | doc/doc-txt/GnuTLS-FAQ.txt | 16 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 6 |
3 files changed, 24 insertions, 3 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e7b807e3c..4f8154c7e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -158,6 +158,11 @@ PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought protection layer was required, which is not implemented. Bugzilla 1254, patch from Wolfgang Breyha. +PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + Exim version 4.77 ----------------- diff --git a/doc/doc-txt/GnuTLS-FAQ.txt b/doc/doc-txt/GnuTLS-FAQ.txt index 4339becac..8d5887bac 100644 --- a/doc/doc-txt/GnuTLS-FAQ.txt +++ b/doc/doc-txt/GnuTLS-FAQ.txt @@ -143,6 +143,10 @@ connections. (6): What's the deal with tls_dh_max_bits? What's DH? ------------------------------------------------------ +You can avoid all of the tls_dh_max_bits issues if you leave "tls_dhparam" +unset, so that you get one of the standard built-in primes used for DH. + + DH, Diffie-Hellman (or Diffie-Hellman-Merkle, or something naming Williamson) is the common name for a way for two parties to a communication stream to exchange some private random data so that both end up with a shared secret 
@@ -258,9 +262,15 @@ Ideally, the first line will read "PKCS#3 DH Parameters: (2236 bit)". If the count is more than 2236, then remove the file and let Exim regenerate it, or generate one yourself and move it into place. Ideally use "openssl dhparam" to generate it, and then wait a very long time; at least this way, the size -will be correct. (This developer is now convinced that Exim 4.81 should -bundle the suggested primes from a few RFCs and let the administrator choose -those.) +will be correct. + +The use of "hope" as a strategy was felt to be unacceptable as a default, so +late in the RC series for 4.80, the whole issue was side-stepped. The primes +used for DH are publicly revealed; moreover, there are selection criteria for +what makes a "good" DH prime. As it happens, there are *standard* primes +which can be used, and are specified to be used for certain protocols. So +these primes were built into Exim, and by default exim now uses a 2048 bit +prime from section 2.2 of RFC 5114. A TLS client does not get to choose the DH prime used, but can choose a diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 59994448f..0c3fccb74 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -100,6 +100,12 @@ Version 4.80 hard-coded limit of DH ephemeral bits, to fix interop problems caused by GnuTLS 2.12 library recommending a bit count higher than NSS supports. +16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier. + Option can now be a path or an identifier for a standard prime. + If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23". + Set to "historic" to get the old GnuTLS behaviour of auto-generated DH + primes. + Version 4.77 ------------ |
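Review bot: In the doc/doc-txt/ChangeLog hunk, PP/38 folds "Also unbreak combination of OpenSSL+DH_params+TLSSNI" into the entry for the DH prime overhaul. A bug fix that someone may later search for deserves its own PP/ entry, or at least a sentence saying what was broken. The entry also says tls_dhparam takes prime identifiers without mentioning the "historic" value that the NewStuff hunk documents, which is the one an administrator upgrading a GnuTLS build is most likely to need.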
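Review bot: In the first doc/doc-txt/GnuTLS-FAQ.txt hunk (section 6), "one of the standard built-in primes" leaves the reader guessing which prime an unset tls_dhparam selects. The NewStuff hunk in this same commit states that it is "ike23", the prime from section 2.2 of RFC 5114, so name it here as well. As a style point, the new paragraph sits ahead of the paragraph that explains what DH is; placing it after that explanation would read better for someone arriving at this question cold.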
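Review bot: In the second doc/doc-txt/GnuTLS-FAQ.txt hunk, the new paragraph follows advice about removing and regenerating the DH parameter file but never says when that advice still applies. State that it matters only when the built-in primes are not in use, for example when tls_dhparam is set to "historic" as described in the NewStuff hunk. Give the "ike23" identifier next to "a 2048 bit prime from section 2.2 of RFC 5114" so that the FAQ, ChangeLog and NewStuff describe the default in the same terms, and capitalise "exim" in "by default exim now uses" to match the surrounding text.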
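Review bot: In the doc/doc-txt/NewStuff hunk, item 16 says the same thing twice: "can be path or identifier" on the first line, then "Option can now be a path or an identifier for a standard prime" on the second. Drop the second sentence. The entry names only "ike23" and "historic", so either list the other accepted identifiers or point to where they are documented, and say explicitly that leaving the option unset changes which DH parameters an existing GnuTLS installation presents after upgrade.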