See 2/2 for explanation. Ideally, we wouldn't use gnutls_dh_params_generate2() at all, per [1]. But that would require bumping minimal required version to gnutls-3.6.0 and I'm not sure how available it is in OSes we support. Therefore, for now let's stick with patch 2/2. 1: https://www.gnutls.org/manual/html_node/Parameter-generation.html Michal Prívozník (2): virnettlscontext: Drop gnutls_dh_set_prime_bits() virnettlscontext: Don't pass static key length to gnutls_dh_params_generate2() src/rpc/virnettlscontext.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) -- 2.32.0
