On 18/09/15 14:14, Florian Weimer wrote:
On 09/17/2015 09:07 PM, Daniel Pocock wrote:
> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
> requires a DH parameters file to be generated on each installation of
> the package.
Why is forward secrecy with ECDHE not good enough? For that, you won't
need to generate DH parameters at all.
Both DH and ECDH are supported
If the DH parameters are not present, it will still work with ECDH alone.
To maximize compatibility in a world of federated SIP though, it is
useful to have both.
Regards,
Daniel