GNU bug report logs - #11267
24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Reported by: "Roland Winkler" <winkler <at> gnu.org>
Date: Tue, 17 Apr 2012 21:16:02 UTC
Severity: normal
Found in version 24.0.95
Fixed in version 24.4
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Message #11 received at 11267 <at> debbugs.gnu.org (full text, mbox):
On Wed Apr 18 2012 Glenn Morris wrote:
> > Despite these error messages, Emacs is sending the mails I want to
> > send. In that sense, I cannot tell how relevant these error messages are.
>
> Me neither. I think it means it is falling back to a non-encrypted
> connection. You can try setting gnutls-min-prime-bits.
>
> If that is so, the error message should probably say something along
> those lines.
You are right. The "fatal error" disappears if I set
gnutls-min-prime-bits to 256. Yet this choice was just a guess based
on the custom declaration of this variable that suggests a value of
512.
I would appreciate it if someone more knowledgeable could review the
error messages that I have seen such that they become more helpful
for a nonexpert. Also it would be great if the docstring of
gnutls-min-prime-bits was more precise.
- What is the default value used for min-prime-bits if
gnutls-min-prime-bits is nil?
- What are reasonable values for this variable such that a safe
client-server handshake remains possible, if one needs to customize
this variable? (Or the other way round: if a server wants to use a
prime that is too small, it might really be the better solution to
contact its sysadmin. Yet I couldn't tell when a prime falls below
such a threshold.)
Thanks,
Roland
This bug report was last modified 11 years and 153 days ago.