Gnus development mailing list
 help / color / mirror / Atom feed
From: Lars Ingebrigtsen <larsi@gnus.org>
To: Greg Troxel <gdt@lexort.com>
Cc: James Cloos <cloos@jhcloos.com>, ding@gnus.org
Subject: Re: Diffie-Hellman key exchange has been lowered to 256 bits
Date: Thu, 29 Jan 2015 12:39:53 +1100	[thread overview]
Message-ID: <87mw52nz4m.fsf@building.gnus.org> (raw)
In-Reply-To: <smuvbjrqe65.fsf@linuxpal.mit.edu> (Greg Troxel's message of "Wed, 28 Jan 2015 07:32:02 -0500")

Greg Troxel <gdt@lexort.com> writes:

> No, the problem should be fixed.  256-bit DH does not make any sense.

It will use as many DH bits as the server allows.  If the server only
uses 256-bits Diffie-Hellman, the connection is essentially unencrypted,
and you may chose not to talk to the server, or you may choose talk to
the server anyway.  That's up to the user.

So there is no problem to be fixed.

(The network security manager (on "high") will warn about DH lower than
1024, though.)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/



      reply	other threads:[~2015-01-29  1:39 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-21 11:44 James Cloos
2014-06-22  8:35 ` Melleus
2014-06-22 14:33   ` James Cloos
2014-09-24 20:55     ` Ted Zlatanov
2015-01-28  5:18 ` Lars Ingebrigtsen
2015-01-28 12:32   ` Greg Troxel
2015-01-29  1:39     ` Lars Ingebrigtsen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mw52nz4m.fsf@building.gnus.org \
    --to=larsi@gnus.org \
    --cc=cloos@jhcloos.com \
    --cc=ding@gnus.org \
    --cc=gdt@lexort.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).