Re: Replacing the EDH SKIP primes - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Replacing the EDH SKIP primes
Msg-id 20190704005829.GI3084@paquier.xyz
In response to Re: Replacing the EDH SKIP primes  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: Replacing the EDH SKIP primes  (Daniel Gustafsson <daniel@yesql.se>)
List pgsql-hackers
On Wed, Jul 03, 2019 at 08:56:42PM +0200, Daniel Gustafsson wrote:
> Agreed, I’ve updated the patch with a comment on this formulated such that it
> should stand the test of time even as OpenSSL changes etc.

I'd like to think that we had rather mention the warning issue
explicitly, so that people don't get surprised, like that for example:

 *  This is the 2048-bit DH parameter from RFC 3526.  The generation of the
 *  prime is specified in RFC 2412, which also discusses the design choice
 *  of the generator.  Note that when loaded with OpenSSL this causes
 *  DH_check() to fail with DH_NOT_SUITABLE_GENERATOR, where leaking
 *  a bit is preferred.

Now this makes an OpenSSL-specific issue pop up within a section of
the code where we want to make things more generic with SSL, so your
simpler version has good arguments as well.

I have just rechecked the shape of the key, and we have an exact
match.
--
Michael
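
The generator trade-off that the proposed comment refers to, as an added example that is not part of the original message and is not PostgreSQL or OpenSSL code: it rebuilds the 2048-bit prime from the formula published in RFC 3526 and reports where generator 2 sits in the group. The `p mod 24 == 11` rule used as the stand-in for the generator test is an assumption about how older OpenSSL releases implemented `DH_check()` for g = 2; all function names and the toy primes 11 and 23 are constructed for illustration.

```python
# Added example (not PostgreSQL or OpenSSL code). The prime formula is from
# RFC 3526; the "p mod 24 == 11" rule for g = 2 is an assumption about how
# older OpenSSL DH_check() decided on DH_NOT_SUITABLE_GENERATOR.
GUARD = 64  # spare fractional bits so series truncation cannot reach the result

def arctan_inv(x, scale):
    """Approximate scale * arctan(1/x) with the alternating Taylor series."""
    term = scale // x
    total, n, sign = term, 1, 1
    while term:
        term //= x * x
        n += 2
        sign = -sign
        total += sign * (term // n)
    return total

def pi_floor(bits):
    """floor(2**bits * pi) via Machin's formula in integer arithmetic."""
    scale = 1 << (bits + GUARD)
    return (16 * arctan_inv(5, scale) - 4 * arctan_inv(239, scale)) >> GUARD

def rfc3526_modp2048():
    # 2^2048 - 2^1984 - 1 + 2^64 * ([2^1918 pi] + 124476)
    return (1 << 2048) - (1 << 1984) - 1 + (1 << 64) * (pi_floor(1918) + 124476)

def generator_report(p, g=2):
    q = (p - 1) // 2
    return {
        "p_mod_24": p % 24,
        # True when g is a quadratic residue, i.e. generates only the order-q subgroup
        "g_in_order_q_subgroup": pow(g, q, p) == 1,
        # Assumed older check: g = 2 must generate the whole group (p mod 24 == 11)
        "old_check_accepts": p % 24 == 11,
    }

def leaked_bit(p, y):
    """Legendre symbol of a public value y: 0 for a residue, 1 for a non-residue."""
    return 0 if pow(y, (p - 1) // 2, p) == 1 else 1

if __name__ == "__main__":
    print(generator_report(rfc3526_modp2048()))
    # Constructed toy safe primes: 11 (11 mod 24 = 11) and 23 (23 mod 24 = 23).
    # Each pair is (low bit of the secret exponent x, bit visible from 2^x mod p).
    for p in (11, 23):
        print(p, [(x & 1, leaked_bit(p, pow(2, x, p))) for x in range(1, 6)])
```

With p = 11 the visible bit tracks the low bit of the exponent, which is the leak the comment mentions; with p = 23 and with the RFC 3526 prime, 2 stays in the order-q subgroup and the visible bit is always 0.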
