On Mon 2015-06-22 01:52:32 -0400, Ben Caradoc-Davies wrote: > On 21/06/15 11:33, Ben Caradoc-Davies wrote: >> The best solution is still for all servers to use strong keys (world >> peace, anyone?). > > My IMAPS service provider just responded to my request and upgraded to a > strong DH temp key. Perhaps world peace is still possible! :-)
Three cheers for world peace! This sort of change is exactly the change that we want to see happen :) > $ openssl s_client -connect ub007lcs04.cbr.the-server.net.au:993 > [...] > Server Temp Key: DH, 2048 bits > [...] > > This also means that I no longer have a weak temp key to test against. I consider that a good thing :) If there is some perverse reason that we need a public IMAP server using terrible DH parameters, i can probably set one up, but i'm not inclined to encourage this sort of situation. Mike, let me know if you want such a beast to test things against. --dkg
signature.asc
Description: PGP signature
