GNU bug report logs - #11267
24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Reported by: "Roland Winkler" <winkler <at> gnu.org>
Date: Tue, 17 Apr 2012 21:16:02 UTC
Severity: normal
Found in version 24.0.95
Fixed in version 24.4
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Message #31 received at 11267 <at> debbugs.gnu.org (full text, mbox):
On Tue Apr 24 2012 Ted Zlatanov wrote:
> The error is coming straight from GnuTLS. We can probably add an
> Emacs-specific clarification to it, mentioning `gnutls-min-prime-bits'.
> Would that be more helpful? Or should I add a FAQ section to
> emacs-gnutls.texi?
In my opinion (a user who does not know much about the internals of
gnutls) mentioning `gnutls-min-prime-bits' by itself does not solve
the problem because I find that the doc string of this variable is
useful only for experts (see below).
Kind of related: "fatal error" sounds rather frightening, in
particular if one can only speculate how emacs worked around this
error. This could be clarified.
> Dropping down to fewer bits in the DH prime is AFAIK not a serious
> concern: you're not exposing your communications, only making the
> exchange of the secret key slightly less secure. So you're slightly
> more vulnerable to a man-in-the-middle attack, but the connection itself
> will be encrypted. You can only turn off encryption by changing the
> priority string.
If these details were explained in the doc string of
`gnutls-min-prime-bits' and / or emacs-gnutls.texi, that would be helpful.
Also, it would be good (though I don't know whether a generic answer
is possible) to give some guidance on "reasonable" values for
`gnutls-min-prime-bits' as compared to cases where it would be
better to contact the sysadmin of the server requesting a change in
the setup of the server.
Roland
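
The check behind the error message, as an added example that is not part of the original message and not code from Emacs or GnuTLS: it parses the TLS ServerDHParams structure (RFC 5246, section 7.4.3) and compares the size of the server's prime with a client-side minimum. The function names, the sample bytes and the rule "accept when the prime has at least the minimum number of bits" are assumptions made for illustration.

```python
import struct

def parse_server_dh_params(body: bytes):
    """Split ServerDHParams into the integers (dh_p, dh_g, dh_Ys).

    Each field is an opaque vector with a 2-byte big-endian length prefix.
    """
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad {name} length {length}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)

def check_dh_prime(body: bytes, min_prime_bits: int):
    """Return (accepted, prime_bits) for the prime the server sent.

    Assumption: the client accepts when the prime has at least
    min_prime_bits bits; leading zero bytes do not count towards the size.
    """
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()
    return bits >= min_prime_bits, bits

def encode_params(p: int, g: int, ys: int) -> bytes:
    """Helper that builds constructed sample input for the parser."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample: a 768-bit odd number stands in for the prime.
# It is not a real prime; only its size matters for this check.
SAMPLE_768 = encode_params((1 << 767) | 1, 2, 5)

if __name__ == "__main__":
    for minimum in (1024, 512):  # constructed thresholds, not recommendations
        accepted, bits = check_dh_prime(SAMPLE_768, minimum)
        print(f"min={minimum} prime_bits={bits} accepted={accepted}")
```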
This bug report was last modified 11 years and 153 days ago.