Re: Replacing the EDH SKIP primes
From | Daniel Gustafsson |
---|---|
Subject | Re: Replacing the EDH SKIP primes |
Date | |
Msg-id | CAA877DE-B524-4A94-8579-5FFD1F32F208@yesql.se |
In response to | Re: Replacing the EDH SKIP primes (Michael Paquier <michael@paquier.xyz>) |
Responses | Re: Replacing the EDH SKIP primes |
List | pgsql-hackers |

> On 04 Jul 2019, at 02:58, Michael Paquier <michael@paquier.xyz> wrote:
>
>> On Wed, Jul 03, 2019 at 08:56:42PM +0200, Daniel Gustafsson wrote:
>> Agreed, I’ve updated the patch with a comment on this formulated such that it
>> should stand the test of time even as OpenSSL changes etc.
>
> I'd like to think that we had rather mention the warning issue
> explicitly, so as people don't get surprised, like that for example:
>
> * This is the 2048-bit DH parameter from RFC 3526. The generation of the
> * prime is specified in RFC 2412, which also discusses the design choice
> * of the generator. Note that when loaded with OpenSSL this causes
> * DH_check() to fail on with DH_NOT_SUITABLE_GENERATOR, where leaking
> * a bit is preferred.
>
> Now this makes an OpenSSL-specific issue pop up within a section of
> the code where we want to make things more generic with SSL, so your
> simpler version has good arguments as well.
>
> I have just rechecked the shape of the key, and we have an exact
> match.

LGTM, thanks.

cheers ./daniel
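
The generator warning discussed in the quoted comment, as an added Python example that is not part of the original message nor PostgreSQL or OpenSSL code. It rebuilds the 2048-bit prime from the formula in RFC 3526 and shows why generator 2 trips the check while not leaking the exponent's parity. Assumptions: the `p mod 24 == 11` test is a model of the generator-2 check in the OpenSSL `DH_check()` of that era, all function names are hypothetical, and the toy prime 107 is constructed for contrast.

```python
# Added illustration; not PostgreSQL or OpenSSL source code.

def arctan_inv(x, one):
    """Return approximately one * arctan(1/x) using integer arithmetic."""
    total = term = one // x
    x2, n, sign = x * x, 3, -1
    while term:
        term //= x2
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def rfc3526_prime_2048():
    """p = 2^2048 - 2^1984 - 1 + 2^64 * (floor(2^1918 * pi) + 124476)."""
    guard = 64                                   # extra bits absorb rounding error
    one = 1 << (1918 + guard)
    pi_scaled = 4 * (4 * arctan_inv(5, one) - arctan_inv(239, one))  # Machin formula
    pi_floor = pi_scaled >> guard                # floor(2^1918 * pi)
    return (1 << 2048) - (1 << 1984) - 1 + (1 << 64) * (pi_floor + 124476)

def legacy_generator_2_ok(p):
    """Assumed model of the generator-2 test behind DH_NOT_SUITABLE_GENERATOR:
    the check expected p mod 24 == 11."""
    return p % 24 == 11

def subgroup_bit(p, y):
    """Euler criterion: 0 if y is a quadratic residue mod p, else 1."""
    return 0 if pow(y, (p - 1) // 2, p) == 1 else 1

def leaks_exponent_parity(p, g=2, samples=range(1, 40)):
    """True if the residuosity of g^x mod p equals x mod 2 for every sample x."""
    return all(subgroup_bit(p, pow(g, x, p)) == x % 2 for x in samples)

if __name__ == "__main__":
    p = rfc3526_prime_2048()
    print("p mod 24 =", p % 24)
    print("passes legacy generator test:", legacy_generator_2_ok(p))
    print("g=2 leaks exponent parity (RFC 3526):", leaks_exponent_parity(p))
    toy = 107   # constructed toy safe prime with 107 mod 24 == 11
    print("passes legacy generator test (toy):", legacy_generator_2_ok(toy))
    print("g=2 leaks exponent parity (toy):", leaks_exponent_parity(toy))
```

With p mod 24 == 11, 2 is a quadratic non-residue and generates the whole group, so an observer learns the low bit of the secret exponent from the public value. The RFC 3526 prime makes 2 a quadratic residue, which keeps that bit hidden and is exactly what the modelled check rejects.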