[openssl-users] Why openssl 1.0.1p accepts composite $q$ in DSA?
guninski at guninski.com
Wed Sep 9 11:55:10 UTC 2015
On Wed, Sep 09, 2015 at 07:45:16AM -0400, Jeffrey Walton wrote:
> Hi Georgi,
> Sorry to go offlist...
> Also keep in mind that the IETF has effectively deprecated the DH
> parameters in PKIX certificates. In fact, they moved to fixed DH
> groups to avoid the option dance between client and server; and that
> has the benefit that the parameters can be validated offline. As for
> DSA, the IETF is killing it off, too.
> See, for example,
> https://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe-00 and
> (archive of latter at
10x, might try to see these later.
the issue appears still alive in openssl or am i
More information about the openssl-users