On 14/06/15, you wrote in gmane.network.stunnel.user:
I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes...
Mike
Hi,
No, of course not. I understood that you did this for security reasons. Better to randomize DH params every X time than fixed, but maybe it should be considered.
A user option maybe, to set fixed or random, but random by default? Just an idea.
Note that I'm not requesting this for me, just saying that there could be low-spec environments to run tiny servers. If it is going to be the default, good to know anyway.
I would be lying if I didn't say that I run the server(s) for small periods of time and having stunnel running 20 minutes calculating the DH is [something], even if the DH aren't needed to start connections.
You set them as fixed from 4.40 (according to the manual) and I've been using Stunnel since 4.5x, so this was new to me.
Regards.
P.S.: fixed=hardcoded