GNU bug report logs - #9036
[PATCH] gnutls: Add option to set minimum acceptable Diffie-Hellman key size


Package: emacs;

Reported by: Lawrence Mitchell <wence <at> gmx.li>

Date: Sat, 9 Jul 2011 14:50:02 UTC

Severity: normal

Tags: patch

Fixed in version 24.1

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.



Message #20 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Lawrence Mitchell <wence <at> gmx.li>
To: bug-gnu-emacs <at> gnu.org
Subject: Re: bug#9036: [PATCH] gnutls: Add option to set minimum acceptable Diffie-Hellman key size
Date: Thu, 10 Nov 2011 15:21:54 +0000
Lars Magne Ingebrigtsen wrote:
> Lawrence Mitchell <wence <at> gmx.li> writes:

>> The handshake returns GNUTLS_E_DH_PRIME_UNACCEPTABLE if the
>> number of server prime bits is too low.  I don't know how to
>> query the size of the server prime.  Maybe
>> gnutls_dh_get_prime_bits?  I'm wary of automatically adjusting
>> downwards.

> I think adjusting it downwards automatically until you reach a
> (user-definable) absolute lower limit would be fine.  But I have no idea
> what an acceptable default lower limit would be, or what the impact on
> security this would have.

>> A better error message (pointing at the existence of
>> gnutls-min-prime-bits) in the case of this failure mode would
>> probably be good though.  I'll try and cook up a patch in the
>> next few days.

> Great!

So it turns out this wasn't a few days.

And I couldn't figure out a nice way to fix things up properly.
So no patch, sorry :(.  However, I think the original bug can be
closed, because there is now an option to set the DH key size.

Lawrence
-- 
Lawrence Mitchell <wence <at> gmx.li>
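The "better error message" and the "user-definable absolute lower limit" discussed in the thread, as an added Emacs Lisp example that is neither part of Emacs nor of this bug report. It assumes `gnutls-negotiate` signals `gnutls-error` with the GnuTLS return code as the last element of the error data, that `open-gnutls-stream` honours a dynamic binding of `gnutls-min-prime-bits`, and the `my-` names and the 1024-bit floor are hypothetical; the minimum is never lowered without the user confirming.

```elisp
;; Added example: explain DH prime failures and retry only with explicit consent.
(require 'gnutls)

(defcustom my-dh-prime-bits-floor 1024
  "Hypothetical absolute lower limit for Diffie-Hellman prime bits.
A handshake is never retried below this, even when the user agrees to
lower `gnutls-min-prime-bits' for a single connection."
  :type 'integer :group 'gnutls)

(defun my-gnutls-error-code (err)
  "Return the GnuTLS return code from a `gnutls-error' datum ERR.
Assumption: `gnutls-negotiate' signals (gnutls-error PROCESS CODE)."
  (car (last err)))

(defun my-open-tls-stream (name buffer host service)
  "Like `open-gnutls-stream', but on a handshake failure say that
`gnutls-min-prime-bits' may exceed the server's DH prime size, instead
of surfacing only the bare GnuTLS error.  Nothing is lowered here."
  (condition-case err
      (open-gnutls-stream name buffer host service)
    (gnutls-error
     (let ((code (my-gnutls-error-code err)))
       (error "TLS handshake with %s:%s failed: %s (gnutls-min-prime-bits is %s; \
the server's Diffie-Hellman prime may be shorter than that)"
              host service
              (if (integerp code) (gnutls-error-string code) code)
              gnutls-min-prime-bits)))))

(defun my-open-tls-stream-with-consent (name buffer host service)
  "Call `my-open-tls-stream'; if it fails, offer exactly one retry with
`gnutls-min-prime-bits' bound to `my-dh-prime-bits-floor', and only
after the user says yes.  This makes the thread's lower-limit idea an
explicit choice rather than an automatic downgrade."
  (condition-case err
      (my-open-tls-stream name buffer host service)
    (error
     (if (and (integerp gnutls-min-prime-bits)
              (< my-dh-prime-bits-floor gnutls-min-prime-bits)
              (yes-or-no-p
               (format "%s  Retry once with a %d-bit DH floor? "
                       (error-message-string err) my-dh-prime-bits-floor)))
         ;; Dynamic binding: only this one handshake sees the lower minimum.
         (let ((gnutls-min-prime-bits my-dh-prime-bits-floor))
           (open-gnutls-stream name buffer host service))
       ;; User declined or floor not lower: re-raise the explained error.
       (signal (car err) (cdr err))))))
```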

This bug report was last modified 13 years and 182 days ago.


