GNU bug report logs - #15057
24.3.50; TLS error with reasonably high gnutls-min-prime-bits

Previous Next

Packages: gnus, emacs;

Reported by: Tassilo Horn <tsdh <at> gnu.org>

Date: Fri, 9 Aug 2013 08:53:01 UTC

Severity: normal

Tags: fixed

Found in version 24.3.50

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #35 received at 15057 <at> debbugs.gnu.org (full text, mbox):

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 15057 <at> debbugs.gnu.org, 16253 <at> debbugs.gnu.org,
 Roland Winkler <winkler <at> gnu.org>, 11267 <at> debbugs.gnu.org,
 Tassilo Horn <tsdh <at> gnu.org>
Subject: Re: bug#15057: 24.3.50; TLS error with reasonably high
 gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error:
 The Diffie-Hellman prime sent by the server is not acceptable (not long
 enough).
Date: Tue, 11 Feb 2014 11:35:27 +0100

On Tue, Feb 11, 2014 at 6:09 AM, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
> Ted Zlatanov <tzz <at> lifelogs.com> writes:
>> LI> But aren't there lots of (or some) servers that only supports DHE and
>> LI> not ECDHE?
>> There's no way to know until you connect, that's the heart of the
>> problem.  So IIUC you'd have to either be potentially insecure all the
>> time (DHE enabled) or potentially fail connecting to some servers.
> I thought TLS worked like this:
> 1) You connect to a server.
> 2) A server says what encryption methods it supports
> 3) You choose one, and start talking in that method.

(let's suppose that the chosen method is DHE)

4) The server presents its DHE parameters and you realize that they
are not acceptable.
5) Cannot do anything except abort the session, disable support for
DHE and go to (1).

>> I think the latter is the better option as a default, as long as we make
>> it clear (not in a *GnuTLS log* buffer but with `message' so it shows up
>> in the echo region and in STDERR in batch mode) that
>> * the connection was rejected because the remote requires a lower level
>> of security
> I've basically never ever seen Firefox say "you can't talk to this
> server, because the TLS is too weak".  Neither should Emacs.

Firefox in the past would happily connect to a server offering weak parameters.
This is changing now:
https://bugzilla.mozilla.org/show_bug.cgi?id=587234

So instead of emacs replicating what the insecure versions of firefox
did, it could provide security by default.

regards,
Nikos
This bug report was last modified 10 years and 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.