GNU bug report logs - #15057
24.3.50; TLS error with reasonably high gnutls-min-prime-bits

Packages: gnus, emacs;

Reported by: Tassilo Horn <tsdh <at> gnu.org>

Date: Fri, 9 Aug 2013 08:53:01 UTC

Severity: normal

Tags: fixed

Found in version 24.3.50

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Tassilo Horn <tsdh <at> gnu.org>
Cc: 15057 <at> debbugs.gnu.org
Subject: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits
Date: Sun, 11 Aug 2013 22:03:46 +0200

Tassilo Horn <tsdh <at> gnu.org> writes:

> When TLS support landed and Gnus used it, I frequently had messages like
> "the Diffie-Hellman prime has been lowered to XXX bits" for XXX being
> 256(?) or something like that.  Then I've set

The fix here is to make that warning go away.  But we're moving to a new
version of gnutls, so nobody has taken the time to twiddle with the warning
from the old version of the gnutls library.

> Would it be possible to have a new variable
> `gnutls-preferred-prime-bits' which is tried first for every connection?
> If the server doesn't want to, you'd get a warning and the number of
> bits would be lowered, but never below `gnutls-min-prime-bits' which
> would still be the hard limit where you get an error.

gnutls will try to use as high a number of bits as the server supports,
I think?  So the variables are fine as they are -- they will give you
all the security that the server says that it can provide.

So the warning is kinda semi-bogus.  Or at least ... premature.

-- 
(domestic pets only, the antidote for overdose, milk.)
  No Gnus T-Shirt for sale: http://ingebrigtsen.no/no.php
  and http://lars.ingebrigtsen.no/2013/08/twenty-years-of-september.html




This bug report was last modified 10 years and 169 days ago.
