On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote: > I think gnutls by default has a minimum size of 727 for the DH > size while openssl doesn't have any check for this. But if you're > using DH you really want to move to something like 2048 if > possible.
This prime size is pretty irrelevant for opportunistic TLS. If the server is prepared to do unencrypted session, then some encryption is better then no encryption. Bastian -- Those who hate and fight must stop themselves -- otherwise it is not stopped. -- Spock, "Day of the Dove", stardate unknown -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130913212338.gb24...@mail.waldi.eu.org