[PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2021-12-21 Thread Michal Privoznik
As encryption norms get more strict it's easy to fall on the insecure side. For instance, so far we are generating 2048 bits long prime for Diffie-Hellman keys. Some systems consider this not long enough. While we may just keep increasing the value passed to the corresponding gnutls_* function, tha

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2021-12-21 Thread Ani Sinha
On Tue, 21 Dec 2021, Michal Privoznik wrote: > As encryption norms get more strict it's easy to fall on the > insecure side. For instance, so far we are generating 2048 bits > long prime for Diffie-Hellman keys. Some systems consider this > not long enough. While we may just keep increasing the

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2021-12-22 Thread Ján Tomko
On a Tuesday in 2021, Michal Privoznik wrote: As encryption norms get more strict it's easy to fall on the insecure side. For instance, so far we are generating 2048 bits long prime for Diffie-Hellman keys. Some systems consider this not long enough. While we may just keep increasing the value pa

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2021-12-22 Thread Martin Kletzander
On Wed, Dec 22, 2021 at 02:12:37PM +0100, Ján Tomko wrote: On a Tuesday in 2021, Michal Privoznik wrote: As encryption norms get more strict it's easy to fall on the insecure side. For instance, so far we are generating 2048 bits long prime for Diffie-Hellman keys. Some systems consider this not

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2022-01-03 Thread Michal Prívozník
On 12/22/21 14:12, Ján Tomko wrote: > On a Tuesday in 2021, Michal Privoznik wrote: >> As encryption norms get more strict it's easy to fall on the >> insecure side. For instance, so far we are generating 2048 bits >> long prime for Diffie-Hellman keys. Some systems consider this >> not long enough

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2022-01-04 Thread Daniel P. Berrangé
On Tue, Dec 21, 2021 at 03:22:59PM +0100, Michal Privoznik wrote: > As encryption norms get more strict it's easy to fall on the > insecure side. For instance, so far we are generating 2048 bits > long prime for Diffie-Hellman keys. Some systems consider this > not long enough. While we may just ke

Re: [PATCH 2/2] virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2()

2022-01-04 Thread Michal Prívozník
On 1/4/22 12:59, Daniel P. Berrangé wrote: > We shouldn't be introducing use of gnutls_sec_param_to_pk_bits at > all IMHO, rather we should be removing use of gnutls_dh_params_generate2 > instead. > > The recommendation is to use pre-generated DH parameters from the > FFDHE set of RFC7919. >