[gnutls-dev] Feature request: not really random session keys

Andreas Metzler ametzler at downhill.at.eu.org
Mon Jan 30 19:20:10 CET 2006


On 2006-01-30 Florian Weimer <fw at deneb.enyo.de> wrote:
> * Nikos Mavrogiannopoulos:
[...]
> > The easier way to fix that is to generate the RSA key and the DH
> > parameters by other means --say certtool running on the bg once per
> > day or something like that.

> The params file seems to be in some kind of proprietary file format,
> so this is not as easy as it sounds.  But we will likely do something
> like this when it's been decided that we cannot scrap RSA_EXPORT
> support.

It is not anymore. Since 4.54?

Quoting /usr/share/doc/exim4-base/changelog.Debian.gz
exim4 (4.52-2) unstable; urgency=low
[...]
  * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params
    instead of only removing the file and letting exim4 re-generate it at SMTP
    time after receiving STARTTLS. The maximum runtime of certtool is limited
    to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki
    (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to
    exim4-base' Suggests. (am) Closes: #285371
[...]

            cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
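
The cron job described in the quoted changelog, sketched as an added example that is not part of the original message or of the Debian exim4 package: parameters are generated out of band under a time limit and swapped in atomically, so a timeout or bad output leaves the old file in place. Assumptions: coreutils `timeout` stands in for timeout.pl, the function name `regen_params` is hypothetical, and the output path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread or the exim4 package).
# regen_params OUTFILE MAX_SECONDS GENERATOR [ARGS...]
#   Runs GENERATOR with a temp file path appended as its last argument.
#   OUTFILE is replaced only if the generator finished within MAX_SECONDS
#   and wrote a PEM block; otherwise the previous OUTFILE is kept.
#   Return codes: 0 replaced, 1 no temp file, 2 generator failed or timed out,
#   3 output did not look like PEM.
regen_params() {
    out=$1; max=$2; shift 2
    dir=$(dirname "$out")
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "$dir/.params.XXXXXX") || return 1
    if ! timeout "$max" "$@" "$tmp"; then
        rm -f -- "$tmp"
        return 2
    fi
    if ! grep -q '^-----BEGIN ' "$tmp"; then
        rm -f -- "$tmp"
        return 3
    fi
    chmod 600 "$tmp"
    mv -f -- "$tmp" "$out"
}

# Usage from a daily cron script (placeholder path; 3600 s = 2*1800 as in the changelog):
#   regen_params /path/to/gnutls-params 3600 \
#       certtool --generate-dh-params --bits 2048 --outfile
```

Because the daemon only ever sees a complete file, it never has to generate parameters itself at STARTTLS time.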



