bug#9036: [PATCH] gnutls: Add option to set minimum acceptable Diffie-He
From: Lawrence Mitchell
Subject: bug#9036: [PATCH] gnutls: Add option to set minimum acceptable Diffie-Hellman key size
Date: Thu, 10 Nov 2011 15:21:54 +0000
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.91 (gnu/linux)

Lars Magne Ingebrigtsen wrote:
> Lawrence Mitchell <wence@gmx.li> writes:
>> The handshake returns GNUTLS_E_DH_PRIME_UNACCEPTABLE if the
>> number of server prime bits is too low. I don't know how to
>> query the size of the server prime. Maybe
>> gnutls_dh_get_prime_bits? I'm wary to automatically adjust
>> downwards.
> I think adjusting it downwards automatically until you reach a
> (user-definable) absolute lower limit would be fine. But I have no idea
> what an acceptable default lower limit would be, or what the impact on
> security this would have.
>> A better error message (pointing at the existence of
>> gnutls-min-prime-bits) in the case of this failure mode would
>> probably be good though. I'll try and cook up a patch in the
>> next few days.
> Great!
So it turns out this wasn't a few days.
And I couldn't figure out a nice way to fix things up properly.
So no patch sorry :(. However, I think the original bug can be
closed, because there is now an option to set the DH key size.
Lawrence
--
Lawrence Mitchell <wence@gmx.li>