David Benjamin <[email protected]> writes:

>RFC7919 tried to solve the problem but, by reusing the old cipher suites, it
>fails to solve the problem.

It didn't just not solve the problem, it made things worse: 7919 doesn't say "I want to do DHE, if possible with these parameters", it says "I will only accept DHE if you use these parameters, otherwise you cannot use DHE but must drop back to RSA". Because of this and other issues, a discussion on this list in 2019 indicated that no-one was planning to implement it.

>We don't have a way to tell the server to only consider DHE ciphers if it
>would have used a group the client supports.

Why would that be an issue? I know 7919 invents a bunch of reasons why this could be a problem, but in practice you just connect and take what the server gives you. If you don't like it you can always choose not to connect, but it's not like someone is going to rekey or rebuild the server if the client says it doesn't like the DH group it's offering.

Given that everyone seems to have a different idea of what is and isn't a problem and what does and doesn't need to be addressed, perhaps we first need to define what we're trying to achieve...

Peter.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
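The server-side rule the message above argues about, as an added worked example: this is not code from the thread, from Peter or David, or from any TLS implementation, but a small Python model of how an RFC 7919 server chooses a key exchange given the client's cipher suites and supported_groups, following RFC 7919 section 4 as I read it. The cipher suite names and the FFDHE code points 256..260 are real; the ClientHello data is constructed, and the function and field names (`server_select`, `Outcome`, `legacy_dhe_ok`) are my own. It shows the fallback both posters refer to: a client that names an FFDHE group the server does not have configured cannot get DHE at all, and if it offered no ECDHE suite it lands on plain RSA key exchange.

```python
"""Model of RFC 7919 server-side key-exchange selection.

Added example for the thread above; not code from any TLS implementation.
Suite names (RFC 5246/5288) and the FFDHE code points 256..260 (RFC 7919)
are real. The handshake data is constructed, and the function and field
names are my own.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# RFC 7919 section 2: the named finite-field groups and their supported_groups
# code points. The RFC reserves 256..511 for finite-field groups, so an unknown
# code point in that range still counts as "the client offered an FFDHE group".
FFDHE_NAMES = {256: "ffdhe2048", 257: "ffdhe3072", 258: "ffdhe4096",
               259: "ffdhe6144", 260: "ffdhe8192"}
FFDHE_RANGE = range(256, 512)
SECP256R1 = 23  # an ECDHE curve, present only to show the FFDHE rule ignores it

DHE_AES128 = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
ECDHE_AES128 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
RSA_AES128 = "TLS_RSA_WITH_AES_128_GCM_SHA256"


@dataclass
class Outcome:
    suite: Optional[str]        # None when the server aborts the handshake
    group: Optional[str]        # FFDHE group name, "legacy-params", or None
    alert: Optional[str] = None


def is_dhe(suite: str) -> bool:
    """True for the finite-field DHE suites that RFC 7919 reuses unchanged."""
    return suite.startswith("TLS_DHE_")


def server_select(server_pref: Iterable[str], server_ffdhe: set,
                  client_suites: Iterable[str],
                  client_groups: Optional[Iterable[int]],
                  legacy_dhe_ok: bool = True) -> Outcome:
    """Pick a suite (and DH group) the way an RFC 7919 server must.

    server_pref    server's cipher suites in preference order
    server_ffdhe   FFDHE code points the server is configured to use
    client_suites  suites offered in the ClientHello
    client_groups  supported_groups code points, or None if the extension is absent
    legacy_dhe_ok  whether the server will use arbitrary DH parameters for a client
                   that named no FFDHE group (the pre-7919 behaviour)

    Rule (RFC 7919 section 4): if the client listed any FFDHE code point, a DHE
    suite may only be used with one of the client's groups; if none is acceptable
    the server MUST NOT pick a DHE suite and falls through to the next suite in
    its preference order, and if nothing is left it sends insufficient_security.
    """
    client_suites = set(client_suites)
    offered_ffdhe = [g for g in (client_groups or []) if g in FFDHE_RANGE]
    # Assumption: when several offered groups are acceptable, take the first in
    # the client's order; the RFC only requires that the choice come from the list.
    common = [g for g in offered_ffdhe if g in server_ffdhe]

    for suite in server_pref:
        if suite not in client_suites:
            continue
        if not is_dhe(suite):
            return Outcome(suite, None)         # ECDHE curve choice is out of scope here
        if offered_ffdhe:
            if common:
                return Outcome(suite, FFDHE_NAMES.get(common[0], f"ffdhe-{common[0]}"))
            continue                            # 7919: no DHE for this client at all
        if legacy_dhe_ok:
            return Outcome(suite, "legacy-params")
    alert = "insufficient_security" if offered_ffdhe and not common else "handshake_failure"
    return Outcome(None, None, alert)


def scenarios() -> dict:
    """Constructed handshakes showing the fallback the thread describes."""
    pref = [DHE_AES128, ECDHE_AES128, RSA_AES128]
    server_groups = {256}                       # server only has ffdhe2048 configured
    return {
        # Client wants DHE but only names ffdhe3072: DHE is off the table, ECDHE wins.
        "mismatch_with_ecdhe": server_select(pref, server_groups, pref, [257, SECP256R1]),
        # Same mismatch, client has no ECDHE suite: the handshake lands on plain RSA.
        "mismatch_rsa_fallback": server_select(pref, server_groups, [DHE_AES128, RSA_AES128], [257]),
        # Client only offered DHE and an unacceptable group: fatal alert.
        "mismatch_dhe_only": server_select(pref, server_groups, [DHE_AES128], [257]),
        # Pre-7919 client, no supported_groups at all: server may use any DH params.
        "legacy_client": server_select(pref, server_groups, [DHE_AES128, RSA_AES128], None),
        # Groups intersect: DHE with the named group.
        "match": server_select(pref, {256, 257}, pref, [257, 256]),
    }


if __name__ == "__main__":
    for name, out in scenarios().items():
        print(f"{name:24s} suite={out.suite} group={out.group} alert={out.alert}")
```

The "mismatch_rsa_fallback" case is the one Peter paraphrases as "you cannot use DHE but must drop back to RSA": the server's own preference order puts DHE first, but 7919 forbids it for a client whose named groups do not match, and with no ECDHE suite on offer the next acceptable suite is RSA key exchange. Flip `legacy_dhe_ok` to False to model a server that refuses to serve unnegotiated DH parameters to pre-7919 clients; such a client then also ends up on RSA.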
