summaryrefslogtreecommitdiff
path: root/doc/doc-txt
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-27 09:14:39 -0400
committerPhil Pennock <pdp@exim.org>2012-05-27 09:14:39 -0400
commita799883d8ad340d935db4d729a31c02cb8a1d977 (patch)
tree3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /doc/doc-txt
parentcae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff)
For DH, use standard primes from RFCs
Diffstat (limited to 'doc/doc-txt')
-rw-r--r--doc/doc-txt/ChangeLog5
-rw-r--r--doc/doc-txt/GnuTLS-FAQ.txt16
-rw-r--r--doc/doc-txt/NewStuff6
3 files changed, 24 insertions, 3 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e7b807e3c..4f8154c7e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -158,6 +158,11 @@ PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
protection layer was required, which is not implemented.
Bugzilla 1254, patch from Wolfgang Breyha.
+PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
+ into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
+ tls_dhparam take prime identifiers. Also unbreak combination of
+ OpenSSL+DH_params+TLSSNI.
+
Exim version 4.77
-----------------
diff --git a/doc/doc-txt/GnuTLS-FAQ.txt b/doc/doc-txt/GnuTLS-FAQ.txt
index 4339becac..8d5887bac 100644
--- a/doc/doc-txt/GnuTLS-FAQ.txt
+++ b/doc/doc-txt/GnuTLS-FAQ.txt
@@ -143,6 +143,10 @@ connections.
(6): What's the deal with tls_dh_max_bits? What's DH?
------------------------------------------------------
+You can avoid all of the tls_dh_max_bits issues if you leave "tls_dhparam"
+unset, so that you get one of the standard built-in primes used for DH.
+
+
DH, Diffie-Hellman (or Diffie-Hellman-Merkle, or something naming Williamson)
is the common name for a way for two parties to a communication stream to
exchange some private random data so that both end up with a shared secret
@@ -258,9 +262,15 @@ Ideally, the first line will read "PKCS#3 DH Parameters: (2236 bit)". If the
count is more than 2236, then remove the file and let Exim regenerate it, or
generate one yourself and move it into place. Ideally use "openssl dhparam"
to generate it, and then wait a very long time; at least this way, the size
-will be correct. (This developer is now convinced that Exim 4.81 should
-bundle the suggested primes from a few RFCs and let the administrator choose
-those.)
+will be correct.
+
+The use of "hope" as a strategy was felt to be unacceptable as a default, so
+late in the RC series for 4.80, the whole issue was side-stepped. The primes
+used for DH are publicly revealed; moreover, there are selection criteria for
+what makes a "good" DH prime. As it happens, there are *standard* primes
+which can be used, and are specified to be used for certain protocols. So
+these primes were built into Exim, and by default exim now uses a 2048 bit
+prime from section 2.2 of RFC 5114.
A TLS client does not get to choose the DH prime used, but can choose a
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 59994448f..0c3fccb74 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -100,6 +100,12 @@ Version 4.80
hard-coded limit of DH ephemeral bits, to fix interop problems caused by
GnuTLS 2.12 library recommending a bit count higher than NSS supports.
+16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier.
+ Option can now be a path or an identifier for a standard prime.
+ If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23".
+ Set to "historic" to get the old GnuTLS behaviour of auto-generated DH
+ primes.
+
Version 4.77
------------