DH_GRP_MIN is currently 1024, should it be bumped to 2048?

Mark D. Baushke mdb at juniper.net
Sat Jul 25 09:25:38 AEST 2015

Previous message (by thread): patch to fetch sshfp using getdns
Next message (by thread): DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greetings,

Given the weakness with Diffie-Hellman modp groups less than 2048, is it
time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
more current 2048 value for OpenSSH 7.0?

If so, should this be just a compile-time change, or should there be a
new client and server runtime option?

	Thanks,
	-- Mark

Previous message (by thread): patch to fetch sshfp using getdns
Next message (by thread): DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssh-unix-dev mailing list