diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2018-09-18 14:02:55 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2018-09-18 14:02:55 +0700 |
commit | e5ce7d7fa8a16984adfff485196d3a7ce212f6a6 (patch) | |
tree | eade892f5740e4e490f76742e0a7cfc9d471c095 /crypto/Readme.html | |
parent | Blake2b/s: relax length-only constructor constraints (diff) | |
download | BouncyCastle.NET-ed25519-e5ce7d7fa8a16984adfff485196d3a7ce212f6a6.tar.xz |
Link to "Prime and Prejudice" paper
Diffstat (limited to 'crypto/Readme.html')
-rw-r--r-- | crypto/Readme.html | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html index 59c333290..a89e7e535 100644 --- a/crypto/Readme.html +++ b/crypto/Readme.html @@ -315,7 +315,8 @@ We state, where EC MQV has not otherwise been disabled or removed: In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919, - or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default. + or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default. See also the paper + <a href="https://eprint.iacr.org/2018/749">"Prime and Prejudice: Primality Testing Under Adversarial Conditions"</a>. </li> </ul> |