Bug#684340: exim tls fails: Diffie-Hellman prime too short
Suresh Ramasubramanian
suresh at hserus.net
Thu Sep 12 02:55:38 UTC 2013
On 12-Sep-2013, at 1:18, Florian Weimer <fw at deneb.enyo.de> wrote:
> I suppose the simplest mitigation would be to avoid ephemeral
> Diffie-Hellman key agreement altogether, that is, remove it from the
> cipher suite default.
Dispensing with gnutls and using openssl like most other distros do would possibly make more sense, but that is a license war dating back to 2008 and still open on bts.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446036
and of course these
http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html
http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/
> 512 bits DH probably allows passive attacks, so IMHO it's unsuitable
> even if the peer's certificate isn't validated in some way (because
> like strong DH, this still provides security against passive
> eavesdroppers).
It is a fig leaf but still better than transporting email en clair.
--srs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20130912/ecd6d896/attachment.html>
More information about the Pkg-exim4-maintainers
mailing list