[InterNetNews/inn] 8f3f3f: nnrpd: document that pre-defined DH groups are safe
Julien ÉLIE
noreply at github.com
Sun Oct 17 08:41:09 UTC 2021
Branch: refs/heads/2.6
Home: https://github.com/InterNetNews/inn
Commit: 8f3f3faf63c013c577fd988a4529f214fdc3f385
https://github.com/InterNetNews/inn/commit/8f3f3faf63c013c577fd988a4529f214fdc3f385
Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
Date: 2021-10-17 (Sun, 17 Oct 2021)
Changed paths:
M nnrpd/tls.c
Log Message:
-----------
nnrpd: document that pre-defined DH groups are safe
As the pre-defined and hard-coded DH groups are taken from RFC 7919
and safe by construction, there is no need to support user-specific
files, which would complexify the configuration. Remove that note.
close #133
Commit: 687bb742d06f4d67c61dd7fac812bbf56b758d43
https://github.com/InterNetNews/inn/commit/687bb742d06f4d67c61dd7fac812bbf56b758d43
Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
Date: 2021-10-17 (Sun, 17 Oct 2021)
Changed paths:
M nnrpd/tls.c
Log Message:
-----------
TLS support: Use OpenSSL built-in DH parameters
OpenSSL 3.0.0 deprecated PEM_read_bio_DHparams() and
SSL_CTX_set_tmp_dh_callback(). The approach of providing DH groups
in discouraged. We now rely on the safe prime groups directly
provided by OpenSSL.
Compare: https://github.com/InterNetNews/inn/compare/d165b11fec6b...687bb742d06f
More information about the inn-committers
mailing list