[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellma

From: Ted Zlatanov
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Tue, 24 Apr 2012 08:45:48 -0400
User-agent: Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux)

On Thu, 19 Apr 2012 11:41:40 -0500 "Roland Winkler" <address@hidden> wrote: 

RW> On Thu Apr 19 2012 Lars Magne Ingebrigtsen wrote:
>> Glenn Morris <address@hidden> writes:
>> > I also wonder how it can be safer to fall back to no encryption at all,
>> > rather than using weak encryption (if that is indeed what is happening).
>> > Maybe it's to prevent a false sense of security, or something.
>> Are you sure that it's falling back to no encryption?  If it really does
>> that, then that's pretty crappy behaviour, in my opinion.

RW> If the error message was more verbose, say by mentioning the
RW> fallback the code uses, this could help nonexpert users like us to
RW> understand the situation.

The error is coming straight from GnuTLS.  We can probably add a
Emacs-specific clarification to it, mentioning `gnutls-min-prime-bits'.
Would that be more helpful?  Or should I add a FAQ section to

Usually this means the server should increase the size of the prime,
e.g. here are similar reports for msmtp and Sendmail:


Dropping down to fewer bits in the DH prime is AFAIK not a serious
concern: you're not exposing your communications, only making the
exchange of the secret key slightly less secure.  So you're slightly
more vulnerable to a man-in-the-middle attack, but the connection itself
will be encrypted.  You can only turn off encryption by changing the
priority string.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]