bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits
From: Ted Zlatanov
Subject: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits
Date: Sun, 09 Feb 2014 21:15:48 -0500
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Thu, 30 Jan 2014 16:46:43 -0800 Lars Ingebrigtsen <larsi@gnus.org> wrote:

LI> Ted Zlatanov <tzz@lifelogs.com> writes:
LMI> gnutls will try to use as high a number of bits as the server supports,
LMI> I think? So the variables are fine as they are -- they will give you
LMI> all the security that the server says that it can provide.
>>
LMI> So the warning is kinda semi-bogus. Or at least ... premature.
>>
>> It's complicated and depends on the specific TLS priority string on the
>> client and the server's preferences; e.g. ECC seems to negotiate in a
>> completely different way. I asked on the gnutls-devel mailing list and
>> there's just no good answer AFAICT.

LI> But we're specifying the minimum prime bits that we accept. Surely the
LI> client and server will negotiate the maximum possible bits they both
LI> accept?

See http://thread.gmane.org/gmane.network.gnutls.general/3181/focus=3299

Try, first of all, appending `!DHE-RSA:!DHE-DSS' to your GnuTLS priority
string to disable DHE. ECDHE will not have the minimum bits message,
ever, IIUC.

The suggestion from Nikos was to make the above the *default* for all
connections. I'm OK with that, if it works for you.

Ted