projects / exim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ae5afa6) | patch
DH parameters update, new values & default exim-4_88_RC2
authorPhil Pennock <pdp@exim.org>
Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)
committerPhil Pennock <pdp@exim.org>
Sat, 8 Oct 2016 23:23:37 +0000 (19:23 -0400)
commit317e40ac8b1b816f4a22620a5647c6258de61598
tree46f3796e23ecca09e0992b1a25eadaf8d062a466tree | snapshot (zip tar.gz)
parentae5afa61184b6c9b39f58804032b32b42e3ba44ecommit | diff
DH parameters update, new values & default

* Add three new Exim-specific DH parameter constants; state provenance,
  but no way for others to verify; this is a signed commit, which is
  about as much as we can do for the truly paranoid: provide an audit
  trail.
* Add the RFC 7919 DH primes
  + No TLS feature negotiation, per 7919, but the DH primes can be used
    if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
  + Turns out, q doesn't affect the PEM and that's not a mistake in my
    initialisation; I've checked with a cryptographer, we're losing some
    server-side optimizations but not any security properties for our
    scenario.

Fixes: 1895
doc/doc-docbook/spec.xfpt diff | blob | blame | history
doc/doc-txt/ChangeLog diff | blob | blame | history
doc/doc-txt/NewStuff diff | blob | blame | history
src/scripts/source_checks diff | blob | blame | history
src/src/std-crypto.c diff | blob | blame | history
src/util/.gitignore [new file with mode: 0644] blob
src/util/gen_pkcs3.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.