[PATCH 0/2] gnutls: Be more clever about DH key size

Martin Kletzander mkletzan at redhat.com
Wed Dec 22 12:32:06 UTC 2021


On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>See 2/2 for explanation.
>
>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>But that would require bumping minimal required version to gnutls-3.6.0
>and I'm not sure how available it is in OSes we support. Therefore, for

As far as I can tell from repology.org all the major distros have 3.6.x
in more than one version and definitely all those that we have in the
CI, so I'd say bump that.

>now let's stick with patch 2/2.
>
>1: https://www.gnutls.org/manual/html_node/Parameter-generation.html
>
>Michal Prívozník (2):
>  virnettlscontext: Drop gnutls_dh_set_prime_bits()
>  virnettlscontext: Don't pass static key length to
>    gnutls_dh_params_generate2()
>
> src/rpc/virnettlscontext.c | 15 ++++++++++-----
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
>-- 
>2.32.0
>