Changes between Version 1 and Version 2 of Ticket #3064, comment 2
- Timestamp:
- 06/15/2017 11:59:28 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #3064, comment 2
v1 v2 1 Yes, that fixes it! Now the certificate verifies as expected. I applied the patch directly on the code distributed in theUbuntu repositories, so it should be good for 1.3-stable.1 Yes, that fixes it! Now the certificate verifies as expected. I applied the patch directly on the code distributed in your Ubuntu repositories, so it should be good for 1.3-stable. 2 2 3 3 In the "wishlist" column, it would be nice if the server didn't ignore the certificate's keyUsage field. Mine is set to "critical, digitalSignature", which should forbid plain RSA but nevertheless the server uses plain RSA. (EC)DHE would very much be preferred in this day and age, shouldn't be to hard to generate a bunch of dhparams and include it with the distribution or generate it dynamically. While we're at it, use AES GCM mode rather than CBC mode, but that's just nitpicking.