On 2019-03-01 21:30:04 [+0100], gregor herrmann wrote: > On Fri, 01 Mar 2019 21:18:37 +0100, Sebastian Andrzej Siewior wrote: > > > The patch attached fixes the issue in libanyevent-perl by setting the > > default DH value to 2048. > > There's also a new AnyEvent release but I saw the "INCOMPATIBLE > CHANGE" in the changelog, and I don't think it changes what is > affected here?
stunnel's autopkgtest (and everyone else using that API without using a DH2048+key since now the API rejects smaller values properly). > > Moving forward: > > - apply the patch to libanyevent-perl and be done with it > > - tell the stunnel4 testsuite to use 2048bit DH instead the default > > value. > > Is this an alternative or are both steps needed? Either/or. The last b release of openssl fixes the return code of one function. Since that change, setting < 2048bit DH key fails (before that it was also failed but with a success return value so everyone assumed that it worked). So either libanyevent-perl changes the default DH key to 2048 (like in the patch attached) _or_ someome comes up with perl foo and makes sure debian/tests/runtime in the block around line 276 - 295 specifies a dh with 2048 bits. My perl foo was enough to narrow it down to that area :) I *think* that 2048bit DH keys should be default these days and this would avoid errors like that in the future. > Cheers, > gregor Sebastian
