Royce Williams

@jsteube confirmed - functionality degraded until this can be fixed.

Concur with @Harvie. If it's an optional flag, then the syadmin gets to choose the tradeoff. When it's a system that I maintain privately, I would love to be able...

Ha - I actually hadn't heard! My spider sense must have been tingling. ;) Great!

This version still depends on Python 2.x. This fork might match your setup better: https://github.com/Hydraze/pack

This can be simulated with multiple runs of policygen, then sort + unique.

There is a Python3-ish fork, not sure of status: https://github.com/Hydraze/pack

The closest I've seen in the wild is 768-bit, but the closer to 1023, the better.

Fair question. Here are relevant references: [announcement for Firefox](https://blog.mozilla.org/security/2016/09/30/mitigating-logjam-enforcing-stronger-diffie-hellman-key-exchange/), [issue for Chrome](https://bugs.chromium.org/p/chromium/issues/detail?id=490240), [announcement for IE](https://technet.microsoft.com/en-us/library/security/ms15-055.aspx), [announcement for OpenSSL](https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/). The advice at [weakdh.org](https://weakdh.org/) summarizes it well: > Make sure any TLS...

Ah, good catch! I personally like the idea of {-64, -1, 0, +1, +64}. This supports the entire set of corner cases that most of the user base could conceivably...

And in anticipation of feature requests for other DH values, a future-ready solution to hosts enumeration would merge and dedupe two lists: a generated list of values, and a manually...