Update various references to draft RFC to published versions. (#9250)

Mads Jensen
2022-03-29 02:26:06 +02:00
committed by GitHub
parent 1d45939cab
commit 142fcad28b
4 changed files with 12 additions and 7 deletions
+1 -1
@@ -2,7 +2,7 @@
This module is an implementation of the `ACME protocol`_.
.. _`ACME protocol`: https://ietf-wg-acme.github.io/acme
.. _`ACME protocol`: https://datatracker.ietf.org/doc/html/rfc8555
"""
import sys
+1 -1
@@ -1104,7 +1104,7 @@ class ClientNetwork:
is ignored, but logged.
:raises .messages.Error: If server response body
carries HTTP Problem (draft-ietf-appsawg-http-problem-00).
carries HTTP Problem (https://datatracker.ietf.org/doc/html/rfc7807).
:raises .ClientError: In case of other networking errors.
"""
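Review bot: The RFC 7807 citation in the `:raises .messages.Error:` field is a bare URL in parentheses, so a reader of the source or the rendered docs sees a link but never the RFC number. Assuming these docstrings are built with Sphinx, as the `:raises`/`:ivar` fields suggest, the built-in role would name and link it in one step: ``carries HTTP Problem (:rfc:`7807`).`` The same applies to the `Error` class docstring in the next file section, where the URL sits alone on a line with no sentence tying it to the class; ``ACME error, an HTTP Problem document (:rfc:`7807`).`` would say what the reference is for. Both docstrings start or end outside the visible hunks, so check the surrounding text before rewording.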
+1 -1
@@ -82,7 +82,7 @@ def is_acme_error(err: BaseException) -> bool:
class Error(jose.JSONObjectWithFields, errors.Error):
"""ACME error.
https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-00
https://datatracker.ietf.org/doc/html/rfc7807
:ivar str typ:
:ivar str title:
+9 -4
@@ -188,12 +188,17 @@ BetterCrypto.org, a collaboration of mostly European IT security experts, has pu
https://bettercrypto.org/
FF-DHE Internet-Draft
~~~~~~~~~~~~~~~~~~~~~
RFC 7919
~~~~~~~~
Gillmor's Internet-Draft "Negotiated Discrete Log Diffie-Hellman Ephemeral Parameters for TLS" is being developed at the IETF TLS WG. It advocates using *standardized* DH groups in all cases, not individually-chosen ones (mostly because of the Triple Handshake attack which can involve maliciously choosing invalid DH groups). The draft provides a list of recommended groups, with primes beginning at 2048 bits and going up from there. It also has a new protocol mechanism for agreeing to use these groups, with the possibility of backwards compatibility (and use of weaker DH groups) for older clients and servers that don't know about this mechanism.
IETF has published a document, RFC 7919, "Negotiated Discrete Log Diffie-Hellman Ephemeral Parameters for TLS".
It advocates using *standardized* DH groups in all cases, not individually-chosen ones (mostly because of the Triple
Handshake attack which can involve maliciously choosing invalid DH groups). The RFC provides a list of recommended
groups, with primes beginning at 2048 bits and going up from there. It also has a new protocol mechanism for agreeing
to use these groups, with the possibility of backwards compatibility (and use of weaker DH groups) for older clients
and servers that don't know about this mechanism.
https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-10
https://datatracker.ietf.org/doc/html/rfc7919
Mozilla
~~~~~~~