On Fri 07 Jul 2006 09:12, Florian Weimer wrote:

> > Indeed. The RSA parameters are quite short 512 bits so they need
> > quite frequent regeneration.
> I would be surprised if RSA_EXPORT support is needed at all. I don't
> see it in my mail server logs, and don't you need a special server
> certificate to enable it anyway?

The only requirement is for the server certificate to be able to be used for signing.

> > The DH parameters could be there for months or so (if they are over
> > 1024 bits).
> And they don't need to be based on bits from /dev/random.

Indeed. But in the versions of Linux used, they depleted the same pool, thus again /dev/random was blocked.

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls