
Gather data about possible transition to 2048bit RSA/DHE

While prop 198 and others cover some crypto changes we need to make, I think they won't be made quickly enough. I think that we should jump to 2048bit RSA and 2048bit DHE as soon as possible. We should do this before 0.2.4.x (which nick says will enable TLS-ECDHE by default) as we have a long way to go before 0.2.4.x is even remotely available.

The first thing is that nick says: I want to know performance impact and fingerprintability.

This ticket should gather data on performance (RSA/DHE/etc) for servers and on the issue of fingerprintability (mitm filter/block/etc) where people use 2048bit DHE.

I've put this as a 02.3.x-final Milestone but it's likely this will change.
