bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits
From: Lars Magne Ingebrigtsen
Subject: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits
Date: Sun, 11 Aug 2013 22:03:46 +0200
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

Tassilo Horn <tsdh@gnu.org> writes:

> When TLS support landed and Gnus used it, I frequently had messages like
> "the Diffie-Hellman prime has been lowered to XXX bits" for XXX being
> 256(?) or something like that. Then I've set

The fix here is to make that warning go away. But we're moving to a new
version of gnutls, so nobody has taken the time to twiddle with warning
from the old version of the gnutls library.

> Would it be possible to have a new variable
> `gnutls-preferred-prime-bits' which is tried first for every connection?
> If the server doesn't want to, you'd get a warning and the number of
> bits would be lowered, but never below `gnutls-min-prime-bits' which
> would still be the hard limit where you get an error.

gnutls will try to use as high a number of bits as the server supports,
I think? So the variables are fine as they are -- they will give you
all the security that the server says that it can provide.

So the warning is kinda semi-bogus. Or at least ... premature.

--
(domestic pets only, the antidote for overdose, milk.)
No Gnus T-Shirt for sale: http://ingebrigtsen.no/no.php
and http://lars.ingebrigtsen.no/2013/08/twenty-years-of-september.html