Message149772
Well the OpenSSL docs say “DH_generate_parameters() may run for several hours before finding a suitable prime”, which sounds like a good reason not to do it every time your program is run.
Anyway, SSL_CTX_set_tmp_dh() should allow us to set DH parameters on a SSL context, PEM_read_DHparams() to read them from a PEM file, and OpenSSL's source tree has a couple of PEM files with "strong" DH parameters for various key sizes. |
|
Date |
User |
Action |
Args |
2011-12-18 16:04:53 | pitrou | set | recipients:
+ pitrou, naif |
2011-12-18 16:04:53 | pitrou | set | messageid: <1324224293.51.0.798701813112.issue13626@psf.upfronthosting.co.za> |
2011-12-18 16:03:52 | pitrou | link | issue13626 messages |
2011-12-18 16:03:52 | pitrou | create | |
|