[InterNetNews/inn] 8f3f3f: nnrpd: document that pre-defined DH groups are safe

Julien ÉLIE noreply at github.com
Sun Oct 17 08:41:09 UTC 2021


  Branch: refs/heads/2.6
  Home:   https://github.com/InterNetNews/inn
  Commit: 8f3f3faf63c013c577fd988a4529f214fdc3f385
      https://github.com/InterNetNews/inn/commit/8f3f3faf63c013c577fd988a4529f214fdc3f385
  Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
  Date:   2021-10-17 (Sun, 17 Oct 2021)

  Changed paths:
    M nnrpd/tls.c

  Log Message:
  -----------
  nnrpd:  document that pre-defined DH groups are safe

As the pre-defined and hard-coded DH groups are taken from RFC 7919
and safe by construction, there is no need to support user-specific
files, which would complexify the configuration.  Remove that note.

close #133


  Commit: 687bb742d06f4d67c61dd7fac812bbf56b758d43
      https://github.com/InterNetNews/inn/commit/687bb742d06f4d67c61dd7fac812bbf56b758d43
  Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
  Date:   2021-10-17 (Sun, 17 Oct 2021)

  Changed paths:
    M nnrpd/tls.c

  Log Message:
  -----------
  TLS support: Use OpenSSL built-in DH parameters

OpenSSL 3.0.0 deprecated PEM_read_bio_DHparams() and
SSL_CTX_set_tmp_dh_callback().  The approach of providing DH groups
in discouraged.  We now rely on the safe prime groups directly
provided by OpenSSL.


Compare: https://github.com/InterNetNews/inn/compare/d165b11fec6b...687bb742d06f


More information about the inn-committers mailing list