Hi Bryan,

On Mon, May 19, 2014 at 12:49:21PM -0700, Bryan Talbot wrote:
> It seems like the warning would be emitted in cases when DH exchange is
> disabled. ECDH is supported by nearly all new browsers and devices (that we
> care about anyway) and so have DH disabled and only ECDH enabled when PFS
> can be used -- specifically to avoid the large DH overhead especially for
> mobile devices.
>
> With the patch, it sounds like we would need to include a setting for
> "default-dh-param" even though it would never actually be used (or include
> a dh-param in our cert) to avoid a warning.
>
> Is it possible to only generate the dh-param and warnings if a cipher that
> needs it is enabled?

I thought it was the case where the code was placed, but maybe I was wrong.
Rémi, what do you think?

Willy

