On 18/09/15 14:14, Florian Weimer wrote: > On 09/17/2015 09:07 PM, Daniel Pocock wrote: > >> For reSIProcate 1.10.0, we will support PFS on TLS connections, this >> requires a DH parameters file to be generated on each installation of >> the package. > > Why is forward secrecy with ECDHE not good enough? For that, you won't > need to generate DH parameters at all. > Both DH and ECDH are supported If the DH parameters are not present, it will still work with ECDH alone. To maximize compatibility in a world of federated SIP though, it is useful to have both. Regards, Daniel -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
