Bug#765867: Forward Secrecy in perdition

2015-06-04 Sergio Gelato
Here is a minor revision of yesterday's patch. From a security standpoint either will do the job, but this version avoids a few unnecessary operations. (If SSL_OP_SINGLE_DH_USE is set before calling SSL_CTX_set_tmp_dh() the latter will refrain from generating a Y_s right away.) About testing:

Bug#765867: Forward Secrecy in perdition

2015-06-03 Sergio Gelato
tags 765867 + patch
thanks

I've read (and tested) the patch submitted by Matthias Hunstock. I think it would be prudent to follow the advice in the OpenSSL documentation and enable the option SSL_OP_SINGLE_DH_USE. (Patch attached.) This may not matter when perdition is run from inetd, but in