[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-22-g00c60d4
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-22-g00c60d4 |
|
Date: |
Mon, 09 Jan 2012 20:42:53 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=00c60d4d655c7461cf1acb62d9dc4ad5ddcae6ef
The branch, master has been updated
via 00c60d4d655c7461cf1acb62d9dc4ad5ddcae6ef (commit)
from 2cac1ae6f667a9bbba8fd090a7d560cb6a64db80 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 00c60d4d655c7461cf1acb62d9dc4ad5ddcae6ef
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jan 9 21:46:47 2012 +0100
discuss the change in Diffie-Hellman parameters.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-cert-auth2.texi | 2 +-
doc/cha-gtls-app.texi | 9 ++++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index a2f4f35..acf88c2 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -287,7 +287,7 @@ example of a template file.
@subheading Diffie-Hellman parameter generation
To generate parameters for Diffie-Hellman key exchange, use the command:
@example
-$ certtool --generate-dh-params --outfile dh.pem
+$ certtool --generate-dh-params --outfile dh.pem --sec-param normal
@end example
@subheading Self-signed certificate generation
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 6b40811..50efed2 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -952,9 +952,16 @@ of Diffie-Hellman parameters we suggest against performing
generation
of them within an application. The @code{certtool} tool can be used to
generate or export known safe values that can be stored in code
or in a configuration file to provide the ability to replace. We also
-recommend the usage of @funcref{gnutls_sec_param_to_pk_bits} (see
@ref{Selecting cryptographic key sizes}) to determine
+recommend the usage of @funcref{gnutls_sec_param_to_pk_bits}
+(see @ref{Selecting cryptographic key sizes}) to determine
the bit size of the generated parameters.
+Note that the information stored in the generated PKCS #3 structure
+changed with GnuTLS 3.0.9. Since that version the @code{privateValueLength}
+member of the structure is set, allowing the server utilizing the
+parameters to use keys of the size of the security parameter. This
+provides better performance in key exchange.
+
The ciphersuites that involve the RSA-EXPORT key exchange require
additional parameters. Those ciphersuites are rarely used today
because they are by design insecure, thus if you have no requirement
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-22-g00c60d4,
Nikos Mavrogiannopoulos <=