GNU bug report logs - #11267
24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).

Previous Next

Package: emacs;

Reported by: "Roland Winkler" <winkler <at> gnu.org>

Date: Tue, 17 Apr 2012 21:16:02 UTC

Severity: normal

Found in version 24.0.95

Fixed in version 24.4

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
To: Roland Winkler <winkler <at> gnu.org>
Cc: 15057 <at> debbugs.gnu.org, Ted Zlatanov <tzz <at> lifelogs.com>, 16253 <at> debbugs.gnu.org, 11267 <at> debbugs.gnu.org
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Mon, 10 Feb 2014 09:28:09 +0100

On Mon, Feb 10, 2014 at 4:06 AM, Roland Winkler <winkler <at> gnu.org> wrote:
> On Sun Feb 9 2014 Ted Zlatanov wrote:
>> Roland, if you are satisfied with the direction taken in those
>> bugs, we can probably close this one.
> I am still a bit confused concerning a "reasonable minimal value"
> for gnutls-min-prime-bits.  Is 256 a value that I can feel
> comfortable about?

No. 256-bit DH is a bit harder than rot13 as encryption. I'd suggest
not to set the minimum acceptable size and let gnutls decide instead.
For broken servers that use very small sizes, you could disable the
DHE ciphersuites as described in the previous mails.

regards,
Nikos
This bug report was last modified 11 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.