author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-09 21:46:47 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-09 21:46:47 +0100 |
commit | 00c60d4d655c7461cf1acb62d9dc4ad5ddcae6ef (patch) | |
tree | e102f670ae40e4f55d38ae0c70b571f6a1cd6717 /doc/cha-gtls-app.texi | |
parent | 2cac1ae6f667a9bbba8fd090a7d560cb6a64db80 (diff) | |
download | gnutls-00c60d4d655c7461cf1acb62d9dc4ad5ddcae6ef.tar.gz |
discuss the change in Diffie-Hellman parameters.
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 6b408110ee..50efed2911 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -952,9 +952,16 @@ of Diffie-Hellman parameters we suggest against performing generation of them within an application. The @code{certtool} tool can be used to generate or export known safe values that can be stored in code or in a configuration file to provide the ability to replace. We also -recommend the usage of @funcref{gnutls_sec_param_to_pk_bits} (see @ref{Selecting cryptographic key sizes}) to determine +recommend the usage of @funcref{gnutls_sec_param_to_pk_bits} +(see @ref{Selecting cryptographic key sizes}) to determine the bit size of the generated parameters. +Note that the information stored in the generated PKCS #3 structure +changed with GnuTLS 3.0.9. Since that version the @code{privateValueLength} +member of the structure is set, allowing the server utilizing the +parameters to use keys of the size of the security parameter. This +provides better performance in key exchange. + The ciphersuites that involve the RSA-EXPORT key exchange require additional parameters. Those ciphersuites are rarely used today because they are by design insecure, thus if you have no requirement |
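Review bot: The added paragraph beginning "Note that the information stored in the generated PKCS #3 structure" says that privateValueLength is set since GnuTLS 3.0.9, but it does not tell readers what to do with parameter files generated by earlier versions; consider adding a sentence stating whether such files have to be regenerated with certtool for the server to get the performance benefit. The phrase "keys of the size of the security parameter" is also ambiguous: wording such as "private keys whose length corresponds to the security parameter" would make clear that it is the private key length, and not the bit size of the generated parameters mentioned in the previous sentence, that is meant. The re-wrap of the @funcref{gnutls_sec_param_to_pk_bits} line is a whitespace-only change unrelated to the commit message and could be split out or mentioned there.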