Hubert Kario <[email protected]> writes:

>FIPS requires to support only well-known groups (all of them 2048 bit or
>larger), and we've received hardly any customer issues after implementing
>that as a hard check (connection will fail if the key exchange uses custom DH
>parameters) a good few years ago now.

Interesting, so you're saying that essentially no-one uses custom groups? My code currently fast-tracks the known groups (RFC 3526 and RFC 7919) but also allows custom groups (with additional checking) to be on the safe side, because you never know what weirdness is out there. Do you have an idea of what sort of magnitude "hardly any" represents?

And can something similar be said about SSH implementations? There are fixed DH groups and then the Swiss-army-knife diffie-hellman-group-exchange-*, but AFAIK the only groups that ever get exchanged there are the RFC 3526/7919 ones.

Peter.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
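The fast-track-then-check approach Peter describes, as an added example written for this page rather than code from either poster: the tabled prime is derived from the RFC 7919 construction instead of pasted in, and anything not in the table goes through the slower structural checks. Only ffdhe2048 is tabled; the nonce constant 560316, the 2048-bit floor and the particular checks on the custom path are this example's assumptions.

```python
from fractions import Fraction
import secrets

def _floor_e_times_2pow(shift):
    # floor(2^shift * e) from an exact partial sum of e = sum(1/k!); 400 terms make the floor exact here.
    total, term = Fraction(0), Fraction(1)
    for k in range(1, 400):
        total += term           # total now includes 1/(k-1)!
        term /= k               # term becomes 1/k!
    return (total.numerator << shift) // total.denominator

def ffdhe_prime(bits, nonce):
    # RFC 7919 construction: p = 2^bits - 2^(bits-64) + (floor(2^(bits-130) * e) + nonce) * 2^64 - 1
    return (1 << bits) - (1 << (bits - 64)) + ((_floor_e_times_2pow(bits - 130) + nonce) << 64) - 1

FFDHE2048_P = ffdhe_prime(2048, 560316)    # nonce value assumed from RFC 7919 Appendix A.1
KNOWN_GROUPS = {FFDHE2048_P: "ffdhe2048"}  # p -> name; every tabled group uses g = 2

def is_probable_prime(n, rounds=16):
    # Cheap trial division, then Miller-Rabin with random bases.
    if n < 2: return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0: return n == sp
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else:
            return False
    return True

def check_custom_group(p, g):
    # The "additional checking" path for anything not in the table: size floor,
    # generator range, and p = 2q + 1 with both p and q (probable) primes.
    if p.bit_length() < 2048:
        return "reject: smaller than 2048 bits"
    if not (2 <= g <= p - 2):
        return "reject: generator out of range"
    if not is_probable_prime(p) or not is_probable_prime((p - 1) // 2):
        return "reject: not a safe prime"
    return "custom:ok"

def check_dh_group(p, g):
    # Fast path: exact match on a tabled prime with its expected generator, no primality work.
    if p in KNOWN_GROUPS and g == 2:
        return "known:" + KNOWN_GROUPS[p]
    return check_custom_group(p, g)
```

Running the tabled prime through check_custom_group as well is a useful self-test: if the derivation or nonce were wrong, the safe-prime check would almost certainly fail.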
