GNU bug report logs - #15057
24.3.50; TLS error with reasonably high gnutls-min-prime-bits

Previous Next

Packages: emacs, gnus;

Reported by: Tassilo Horn <tsdh <at> gnu.org>

Date: Fri, 9 Aug 2013 08:53:01 UTC

Severity: normal

Tags: fixed

Found in version 24.3.50

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #56 received at 15057 <at> debbugs.gnu.org (full text, mbox):

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Tassilo Horn <tsdh <at> gnu.org>
Cc: 15057 <at> debbugs.gnu.org
Subject: Re: bug#15057: 24.3.50;
 TLS error with reasonably high gnutls-min-prime-bits
Date: Mon, 08 Dec 2014 20:43:40 +0100

Tassilo Horn <tsdh <at> gnu.org> writes:

> When TLS support landed and Gnus used it, I frequently had messages like
> "the Diffie-Hellman prime has been lowered to XXX bits" for XXX being
> 256(?) or something like that.  Then I've set
>
>   (setq gnutls-min-prime-bits 2048)
>
> and everything worked smoothly, I got no warning messages, and I felt
> more secure.  Well, until today.  When I fired up Gnus today, I got this
> error for my Fastmail IMAP account:
>
> 20130809T100721.075> Opening connection to mail.messagingengine.com via tls...
> gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).

That's what you asked it to do, so it's not a bug.  However, the NSM
just got a Diffie-Hellman check, so that can be used instead.  So I'm
closing this bug report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 10 years and 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.