bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellma

From: Roland Winkler
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Thu, 19 Apr 2012 06:04:13 -0500 
On Wed Apr 18 2012 Glenn Morris wrote:
> > Despite these error messages, Emacs is sending the mails I want to
> > send. In that sense, I cannot tell how relevant these error messages are.
> 
> Me neither. I think it means it is falling back to a non-encrypted
> connection. You can try setting gnutls-min-prime-bits.
> 
> If that is so, the error message should probably say something along
> those lines.

You are right. The "fatal error" disappears if I set
gnutls-min-prime-bits to 256. Yet this choice was just a guess based
on the custom declaration of this variable that suggests a value of
512.

I would appreciate if someone more knowledgable could review the
error messages that I have seen such that they become more helpful
for a nonexpert. Also it would be great if the docstring of
gnutls-min-prime-bits was more precise.

- What is the default value used for min-prime-bits if
  gnutls-min-prime-bits is nil?

- What are reasonable values for this variable such that a safe
  client-server handshake remains possible, if one needs to customize
  this variable? (Or the other way round: if a server wants to use a
  prime that is too small, it might really be the better solution to
  contact its sysadmin. Yet I couldn't tell when a prime falls below
  such a threshold.)

Thanks,

Roland
reply via email to
[Prev in Thread] Current Thread [Next in Thread]