GNU bug report logs - #15057
24.3.50; TLS error with reasonably high gnutls-min-prime-bits

Previous Next

Packages: emacs, gnus;

Reported by: Tassilo Horn <tsdh <at> gnu.org>

Date: Fri, 9 Aug 2013 08:53:01 UTC

Severity: normal

Tags: fixed

Found in version 24.3.50

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 15057 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: 15057 <at> debbugs.gnu.org
Cc: Tassilo Horn <tsdh <at> gnu.org>
Subject: Re: bug#15057: 24.3.50;
 TLS error with reasonably high gnutls-min-prime-bits
Date: Thu, 30 Jan 2014 16:46:43 -0800

Ted Zlatanov <tzz <at> lifelogs.com> writes:

> LMI> gnutls will try to use as high a number of bits as the server supports,
> LMI> I think?  So the variables are fine as they are -- they will give you
> LMI> all the security that the server says that it can provide.
>
> LMI> So the warning is kinda semi-bogus.  Or at least ... premature.
>
> It's complicated and depends on the specific TLS priority string on the
> client and the server's preferences; e.g. ECC seems to negotiate in a
> completely different way.  I asked on the gnutls-devel mailing list and
> there's just no good answer AFAICT.

But we're specifying the minimum prime bits that we accept.  Surely the
client and server will negotiate the maximum possible bits they both
accept?

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/
This bug report was last modified 10 years and 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.