https://bugs.exim.org/show_bug.cgi?id=1895
--- Comment #10 from Jeremy Harris <[email protected]> ---

I take it that the bit of code in OpenSSL dhparam.c around the use of d2i_DHxparams_bio() is relevant? As usual I am finding the OpenSSL docs unhelpful wrt. guidance on actually using the library.

I think we need to retain support for PEM files; which means (if I understand correctly about the need for q for sufficient security to enable support for session resumption) that we'll want docs guidance. Can someone who understands crypto say how the need arises, succinctly? We'll also want to describe how to generate the parameter files.

We'll also need to look at the GnuTLS support. Currently we use gnutls_dh_params_import_pkcs3() with a PEM flag; it does take DER as an alternate - but I don't know if "pkcs3" implies no q. The function is also "considered obsolete", in favour of using RFC7919 parameters (which are now GnuTLS builtins as well as being Exim builtins) - but note that Exim docs encourage sites to generate their own.
