* Nikos Mavrogiannopoulos: >> I would be surprised if RSA_EXPORT support is needed at all. I don't >> see it in my mail server logs, and don't you need a special server >> certificate to enable it anyway? > > The only requirement is for the server certificate to be able to be used > for signing.
I don't think this is correct; the certificate issuer must come from certain well-known CAs which allow upgrading to a better security level. If you don't need interoperability with crippled clients, you'd use RSA instead of RSA_EXPORT in the first place. > Indeed. But in the versions of linux used, they depleted the same pool, > thus again /dev/random was blocked. But on a typical GNU/Linux system, no periodic tasks read from /dev/random, so it doesn't matter if the pool has been depleted or not. And the process which generates the key parameters for Exim would not block, either. -- Florian Weimer <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Durlacher Allee 47 tel: +49-721-96201-1 D-76131 Karlsruhe fax: +49-721-96201-99 _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
