On May 22, 2012, at 1:38 AM, Janne Snabb wrote:
Even if the hard
limit in NSS is fixed quickly, this will be a burden for TLS server
side
developers for many years to come.
It almost seems like a new TLS extension should be proposed, where the
client can tell the server how many bits of DH it is willing to
accept. (Similar in spirit, although simpler than, the extension used
to negotiate curves for elliptic curve.) If the client sends the
extension, then the server can know with confidence what size of DH
params are acceptable. If the client doesn't send the extension, the
server can make a conservative assumption. (Probably 2236 bits.)
Without such an extension, it seems like TLS servers that are
concerned about interoperability (such as on the Web) will have to
avoid exceeding 2236 bits for quite a long time.
--Patrick
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
