http://bugs.exim.org/show_bug.cgi?id=1415

Summary: Diffie-Hellman parameters
Product: Exim
Version: N/A
Platform: Other
OS/Version: All
Status: NEW
Severity: bug
Priority: medium
Component: TLS
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

Hi,

in Exim configuration files and documentation (in multiple places), you are assuming that the Mozilla Network Security Services (NSS) library supports a maximum length of 2236 bits for Diffie-Hellman parameters.

This limitation has already been removed in NSS 3.14:
https://bugzilla.mozilla.org/show_bug.cgi?id=636802

GnuTLS supports up to 15360 bit DH params
OpenSSL supports up to 16384 bit DH params
NSS library supports up to 16384 bit DH params

Please remove the artificial restriction of 2236 bits for DH parameters.

Consider also increasing the default DH parameters from 2048 bits to 4096. The ECRYPT recommendation for DH parameters is 3248 bits for long term protection.

If you are interested in more technical information about key sizes I highly recommend:

http://www.keylength.com/en/compare/

Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0, ICT-2007-216676 ECRYPT II, 09/2012.

Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 3, NIST, 07/2012
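An added illustration, not part of the original report and not Exim code: a Python sketch that reads the modulus size from a PKCS#3 `DH PARAMETERS` PEM block and compares it with the figures quoted in the report. All function names are assumptions of this example, and the sample input is constructed (its modulus only has the right size, it is not a prime).

```python
import base64
# Sizes in bits, as quoted in the bug report above.
OLD_NSS_LIMIT = 2236        # cap the report says NSS dropped in 3.14
ECRYPT_LONG_TERM = 3248     # ECRYPT II long-term protection figure
LIBRARY_MAX = {"GnuTLS": 15360, "OpenSSL": 16384, "NSS": 16384}
ARMOR = ("-----BEGIN DH PARAMETERS-----", "-----END DH PARAMETERS-----")

def _read_tlv(buf, pos=0):
    """Return (tag, value) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def dh_modulus_bits(pem):
    """Bit length of p in DHParameter ::= SEQUENCE { p INTEGER, g INTEGER, ... }."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if len(lines) < 3 or (lines[0], lines[-1]) != ARMOR:
        raise ValueError("not a DH PARAMETERS PEM block")
    tag, seq = _read_tlv(base64.b64decode("".join(lines[1:-1])))
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p = _read_tlv(seq)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def assess(bits):
    return {
        "exceeds_old_nss_limit": bits > OLD_NSS_LIMIT,
        "meets_ecrypt_long_term": bits >= ECRYPT_LONG_TERM,
        "too_large_for": sorted(k for k, m in LIBRARY_MAX.items() if bits > m),
    }

def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def make_sample_pem(bits):
    """Constructed test input: p has the requested size but is NOT a prime."""
    p = (1 << (bits - 1)) | 1
    der = _der(0x30, _der(0x02, p.to_bytes(bits // 8 + 1, "big")) + _der(0x02, b"\x02"))
    return ARMOR[0] + "\n" + base64.encodebytes(der).decode() + ARMOR[1] + "\n"
```

For example, `assess(dh_modulus_bits(make_sample_pem(4096)))` reports a size above the old 2236-bit cap that also meets the 3248-bit figure.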
