* Suresh Ramasubramanian:

> Possibly good crypto but extremely bad for interoperability, and obviously ends
> up in a lot of email being sent out unencrypted / cleartext when at least a
> base level of TLS should have been available and usable.
>
> Setting tls_dh_min_bits=512 in remote_smtp does help mitigate it.

I suppose the simplest mitigation would be to avoid ephemeral Diffie-Hellman key agreement altogether, that is, remove it from the cipher suite default. 512 bits DH probably allows passive attacks, so IMHO it's unsuitable even if the peer's certificate isn't validated in some way (because like strong DH, this still provides security against passive eavesdroppers).