Message 149772 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	pitrou
Recipients	naif, pitrou
Date	2011年12月18日.16:03:52
SpamBayes Score	3.941721e-07
Marked as misclassified	No
Message-id	<1324224293.51.0.798701813112.issue13626@psf.upfronthosting.co.za>

Content
Well the OpenSSL docs say "DH_generate_parameters() may run for several hours before finding a suitable prime", which sounds like a good reason not to do it every time your program is run. Anyway, SSL_CTX_set_tmp_dh() should allow us to set DH parameters on a SSL context, PEM_read_DHparams() to read them from a PEM file, and OpenSSL's source tree has a couple of PEM files with "strong" DH parameters for various key sizes.

Content

Well the OpenSSL docs say "DH_generate_parameters() may run for several hours before finding a suitable prime", which sounds like a good reason not to do it every time your program is run.
Anyway, SSL_CTX_set_tmp_dh() should allow us to set DH parameters on a SSL context, PEM_read_DHparams() to read them from a PEM file, and OpenSSL's source tree has a couple of PEM files with "strong" DH parameters for various key sizes.

History
Date	User	Action	Args
2011年12月18日 16:04:53	pitrou	set	recipients: + pitrou, naif
2011年12月18日 16:04:53	pitrou	set	messageid: <1324224293.51.0.798701813112.issue13626@psf.upfronthosting.co.za>
2011年12月18日 16:03:52	pitrou	link	issue13626 messages
2011年12月18日 16:03:52	pitrou	create

homepage