[Fedora-packaging] running openssl dhparam in %post
Daniel Pocock
daniel at pocock.pro
Fri Sep 18 13:14:29 UTC 2015
On 18/09/15 14:14, Florian Weimer wrote:
> On 09/17/2015 09:07 PM, Daniel Pocock wrote:
>
>> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
>> requires a DH parameters file to be generated on each installation of
>> the package.
>
> Why is forward secrecy with ECDHE not good enough? For that, you won't
> need to generate DH parameters at all.
>
Both DH and ECDH are supported
If the DH parameters are not present, it will still work with ECDH alone.
To maximize compatibility in a world of federated SIP though, it is
useful to have both.
Regards,
Daniel
More information about the packaging
mailing list