git://git.exim.org
/
users
/
heiko
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix build for non-Linux platforms having openat.
[users/heiko/exim.git]
/
doc
/
doc-txt
/
GnuTLS-FAQ.txt
diff --git
a/doc/doc-txt/GnuTLS-FAQ.txt
b/doc/doc-txt/GnuTLS-FAQ.txt
index 766e27927bd38b667d6d0ab53df4adeebc4b1df2..ab4e5aaa6a88e549304923d5d75c2a271feef939 100644
(file)
--- a/
doc/doc-txt/GnuTLS-FAQ.txt
+++ b/
doc/doc-txt/GnuTLS-FAQ.txt
@@
-6,7
+6,7
@@
Using Exim 4.80+ with GnuTLS
(3) I'm seeing:
"(gnutls_handshake): A TLS packet with unexpected length was received"
Why?
(3) I'm seeing:
"(gnutls_handshake): A TLS packet with unexpected length was received"
Why?
-(4) What's the deal with MD5?
+(4) What's the deal with MD5?
(And SHA-1?)
(5) What happened to gnutls_require_kx / gnutls_require_mac /
gnutls_require_protocols?
(6) What's the deal with tls_dh_max_bits? What's DH?
(5) What happened to gnutls_require_kx / gnutls_require_mac /
gnutls_require_protocols?
(6) What's the deal with tls_dh_max_bits? What's DH?
@@
-89,8
+89,8
@@
option fixes the problem, this was the cause. See Q6.
-(4): What's the deal with MD5?
-------------------------------
+(4): What's the deal with MD5?
(And SHA-1?)
+------------------------------
--------------
MD5 is a hash algorithm. Hash algorithms are used to reduce a lot of data
down to a fairly short value, which is supposed to be extremely hard to
MD5 is a hash algorithm. Hash algorithms are used to reduce a lot of data
down to a fairly short value, which is supposed to be extremely hard to
@@
-119,6
+119,10
@@
the ongoing costs of proving a trust relationship, such as providing
revocation protocols. This is just another of those ongoing costs you have
already paid for.
revocation protocols. This is just another of those ongoing costs you have
already paid for.
+The same has happened to SHA-1: there are real-world collision attacks against
+SHA-1, so SHA-1 is mostly defunct in certificates. GnuTLS no longer supports
+its use in TLS certificates.
+
(5): ... gnutls_require_kx / gnutls_require_mac / gnutls_require_protocols?
(5): ... gnutls_require_kx / gnutls_require_mac / gnutls_require_protocols?
@@
-300,7
+304,7
@@
NORMAL.) See Q8.
The current documentation, for the most recent release of GnuTLS, is available
online at:
The current documentation, for the most recent release of GnuTLS, is available
online at:
- http://www.gnu
.org/software/gnutls
/manual/html_node/Priority-Strings.html
+ http://www.gnu
tls.org
/manual/html_node/Priority-Strings.html
Beware that if you are not using the most recent GnuTLS release then this
documentation will be wrong for you! You should find the "info" documentation
Beware that if you are not using the most recent GnuTLS release then this
documentation will be wrong for you! You should find the "info" documentation