[PATCH 0/2] gnutls: Be more clever about DH key size
Ján Tomko
jtomko at redhat.com
Wed Dec 22 13:14:59 UTC 2021
On a Wednesday in 2021, Martin Kletzander wrote:
>On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>>See 2/2 for explanation.
>>
>>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>>But that would require bumping minimal required version to gnutls-3.6.0
>>and I'm not sure how available it is in OSes we support. Therefore, for
>
>As far as I can tell from repology.org all the major distros have 3.6.x
>in more than one version and definitely all those that we have in the
>CI, so I'd say bump that.
>
There's Ubuntu 18.04 with 3.5.18.
But we could #ifndef the old code out and use the pre-generated
parameters on every other distro, as recommended.
Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20211222/e1b87cc5/attachment-0001.sig>
More information about the libvir-list
mailing list