Disallow 1024-bit DH keys in TLS handshake
The code still contains a 1024-bit DH key. If you still want to support DH, can I suggest you switch to a key from RFC 7919?
As far as I understand, since 0.2.4, ECDHE is preferred, and DHE shouldn't be used anymore. The 0.2.4 branch itself doesn't seem to be supported anymore.
legacy/trac#27344 (moved) changed things so that 1024-bit DH keys will always be allowed, and only seems to be added to support very old hosts that are known to have several security issues.
Trac:
Username: kroeckx
Edited by Nick Mathewson