[PATCH 0/2] gnutls: Be more clever about DH key size

Martin Kletzander mkletzan at redhat.com
Wed Dec 22 14:32:02 UTC 2021


On Wed, Dec 22, 2021 at 02:14:59PM +0100, Ján Tomko wrote:
>On a Wednesday in 2021, Martin Kletzander wrote:
>>On Tue, Dec 21, 2021 at 03:22:57PM +0100, Michal Privoznik wrote:
>>>See 2/2 for explanation.
>>>
>>>Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1].
>>>But that would require bumping minimal required version to gnutls-3.6.0
>>>and I'm not sure how available it is in OSes we support. Therefore, for
>>
>>As far as I can tell from repology.org all the major distros have 3.6.x
>>in more than one version and definitely all those that we have in the
>>CI, so I'd say bump that.
>>
>
>There's Ubuntu 18.04 with 3.5.18.
>

And we consider only LTS, so we can drop that in April when 20.04 has
been out for 2 years.  I finally found the exact spelling in
docs/platform.rst (available online at https://libvirt.org/platforms.html
as well), which I always struggle to find.

>But we could #ifndef the old code out and use the pre-generated
>parameters on every other distro, as recommended.
>

Since counting the bits is so discouraged, I would also prefer this
option, in the hope that we remember to remove that.

Actually, can we have something like a commit hook that would check the
current date against some file in the repository and just let us know
that there might be something to remove? O:-)

>Jano

