[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS/NSS interop in Exim 4.80 RC
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: GnuTLS/NSS interop in Exim 4.80 RC |
Date: |
Mon, 21 May 2012 11:41:14 +0200 |
On Mon, May 21, 2012 at 1:17 AM, Phil Pennock
<address@hidden> wrote:
> On 2012-05-20 at 16:24 +0200, Nikos Mavrogiannopoulos wrote:
>> From what I can tell it is the client for some reason terminates the
>> connection. What is the output on the client? Do you have a tcpdump of
>> the issue? Have you tried alternative priority strings than normal
>> [0]?
>>
>> [0].
>> http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html
> Janne Snabb has done better detective work than I and found that NSS has
> a hard-coded clamp on the number of DH bits used for ephemeral D-H and
> GnuTLS's return value from gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
> GNUTLS_SEC_PARAM_NORMAL) is over that limit.
That's very interesting. Our key sizes is according to recommendations
like ECRYPT [0]. What is the NSS limit? Did you report it to the NSS
people?
[0]. http://www.keylength.com/en/3/
regards,
Nikos
- GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/20
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/20
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Nikos Mavrogiannopoulos, 2012/05/20
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/20
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/20
- Re: GnuTLS/NSS interop in Exim 4.80 RC,
Nikos Mavrogiannopoulos <=
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/21
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/21
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Janne Snabb, 2012/05/22
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Nikos Mavrogiannopoulos, 2012/05/22
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Phil Pennock, 2012/05/22
- Re: GnuTLS/NSS interop in Exim 4.80 RC, Nikos Mavrogiannopoulos, 2012/05/22
- GnuTLS 3, BSD, netinet/ip.h, Phil Pennock, 2012/05/22
- Re: GnuTLS 3, BSD, netinet/ip.h, Nikos Mavrogiannopoulos, 2012/05/23
- Re: GnuTLS 3, BSD, netinet/ip.h, Phil Pennock, 2012/05/23
- Re: GnuTLS 3, BSD, netinet/ip.h, Nikos Mavrogiannopoulos, 2012/05/23