Changes between Version 1 and Version 2 of Ticket #3064, comment 2


Ignore:
Timestamp:
06/15/2017 11:59:28 AM (7 years ago)
Author:
Jay-C
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #3064, comment 2

    v1 v2  
    1 Yes, that fixes it! Now the certificate verifies as expected. I applied the patch directly on the code distributed in the Ubuntu repositories, so it should be good for 1.3-stable. 
     1Yes, that fixes it! Now the certificate verifies as expected. I applied the patch directly on the code distributed in your Ubuntu repositories, so it should be good for 1.3-stable. 
    22 
    33In the "wishlist" column, it would be nice if the server didn't ignore the certificate's keyUsage field. Mine is set to "critical, digitalSignature", which should forbid plain RSA but nevertheless the server uses plain RSA. (EC)DHE would very much be preferred in this day and age, shouldn't be to hard to generate a bunch of dhparams and include it with the distribution or generate it dynamically. While we're at it, use AES GCM mode rather than CBC mode, but that's just nitpicking.