On Wed, Sep 09, 2015 at 07:45:16AM -0400, Jeffrey Walton wrote: > Hi Georgi, > > Sorry to go offlist... > > Also keep in mind that the IETF has effectively deprecated the DH > parameters in PKIX certificates. In fact, they moved to fixed DH > groups to avoid the option dance between client and server; and that > has the benefit that the parameters can be validated offline. As for > DSA, the IETF is killing it off, too. > > See, for example, > https://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe-00 and > https://www.ietf.org/mail-archive/web/tls/current/msg17489.html > (archive of latter at > https://www.ietf.org/mail-archive/web/tls/current/maillist.html). > > Jeff > 10x, might try to see these later. the issue appears still alive in openssl or am i missing something?
