GNU bug report logs - #9036
[PATCH] gnutls: Add option to set minimum acceptable Diffie-Hellman key size
Reported by: Lawrence Mitchell <wence <at> gmx.li>
Date: Sat, 9 Jul 2011 14:50:02 UTC
Severity: normal
Tags: patch
Fixed in version 24.1
Done: Glenn Morris <rgm <at> gnu.org>
Lars Magne Ingebrigtsen wrote:
> Lawrence Mitchell <wence <at> gmx.li> writes:
>> The handshake returns GNUTLS_E_DH_PRIME_UNACCEPTABLE if the
>> number of server prime bits is too low. I don't know how to
>> query the size of the server prime. Maybe
>> gnutls_dh_get_prime_bits? I'm wary to automatically adjust
>> downwards.
> I think adjusting it downwards automatically until you reach a
> (user-definable) absolute lower limit would be fine. But I have no idea
> what an acceptable default lower limit would be, or what the impact on
> security this would have.
>> A better error message (pointing at the existence of
>> gnutls-min-prime-bits) in the case of this failure mode would
>> probably be good though. I'll try and cook up a patch in the
>> next few days.
> Great!
So it turns out this wasn't a few days.
And I couldn't figure out a nice way to fix things up properly.
So no patch sorry :(. However, I think the original bug can be
closed, because there is now an option to set the DH key size.
Lawrence
--
Lawrence Mitchell <wence <at> gmx.li>
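The thread asks for a clearer failure when the server's Diffie-Hellman prime is below `gnutls-min-prime-bits`, and agrees that the floor should not be quietly lowered. The wrapper below is an added example, not code from the bug reporter or from Emacs's own gnutls.el. It assumes an Emacs built with GnuTLS, the `gnutls-min-prime-bits` user option discussed above, that `open-gnutls-stream` signals `gnutls-error` with data `(PROCESS CODE)` where CODE is the numeric GnuTLS error, and that -84 is the value of `GNUTLS_E_DH_PRIME_UNACCEPTABLE` in gnutls.h; the function and constant names are hypothetical.

```elisp
;; Added example (not part of the bug report or of Emacs's gnutls.el).
;; Assumptions: Emacs with GnuTLS support, the `gnutls-min-prime-bits'
;; option, and that `gnutls-error' carries (PROCESS CODE) as its data.
;; -84 is GNUTLS_E_DH_PRIME_UNACCEPTABLE in gnutls.h (assumed value).

(defconst my-gnutls-e-dh-prime-unacceptable -84
  "GnuTLS code returned when the server's DH prime is below the minimum.")

(defun my-open-tls-stream (name buffer host service)
  "Open a TLS stream like `open-gnutls-stream', explaining DH-size failures.
If the server offers a Diffie-Hellman prime smaller than
`gnutls-min-prime-bits', signal an error that names the option instead of
the bare GnuTLS code.  The floor is deliberately not lowered and the
connection is not retried: silently accepting a weaker group would defeat
the purpose of having a minimum at all."
  (condition-case err
      (open-gnutls-stream name buffer host service)
    (gnutls-error
     (let ((code (nth 2 err)))
       (if (and (integerp code)
                (= code my-gnutls-e-dh-prime-unacceptable))
           (error (concat "TLS handshake with %s:%s rejected: server "
                          "Diffie-Hellman prime is smaller than %s bits "
                          "(see `gnutls-min-prime-bits'); not retried "
                          "with a weaker setting")
                  host service gnutls-min-prime-bits)
         ;; Any other GnuTLS failure is re-signalled unchanged so callers
         ;; can still inspect it with `gnutls-error-string'.
         (signal (car err) (cdr err)))))))

;; Usage: raise the floor for one connection only, via a dynamic binding,
;; rather than lowering the global default.  Host name is a placeholder.
;; (let ((gnutls-min-prime-bits 1024))
;;   (my-open-tls-stream "imap" "*imap*" "imap.example.invalid" 993))
```

The `let`-binding in the usage comment is the intended way to vary the minimum per connection; the wrapper itself never changes `gnutls-min-prime-bits`, so a server that only offers a short group fails loudly and the decision to relax the floor stays with the user.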