n . mavrogiannopoulos
Re: bug#11267: 24.0.95; gnutls.c:  (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Fri, 18 May 2012 04:38:01 -0700 (PDT)
On Tuesday, May 15, 2012 10:24:56 AM UTC+2, Ted Zlatanov wrote:
> On Sun, 13 May 2012 21:04:24 +0200 Lars Magne Ingebrigtsen <address@hidden>
> LMI> "Roland Winkler" <address@hidden> writes:
> >> Also, it would be good (though I don't know whether a generic answer
> >> is possible) to give some guidance on "reasonable" values for
> >> `gnutls-min-prime-bits' as compared to cases where it would be
> >> better to contact the sysadmin of the server requesting a change in
> >> the setup of the server.
> LMI> Yeah. And I think `gnutls-min-prime-bits' should default to whatever
> LMI> that "reasonable" is, because there's apparently quite a few servers out
> LMI> there that have fewer bits than whatever the GnuTLS default is. Which
> LMI> isn't a very good user experience.
> I'm OK with lowering it to 256.
Note that a Diffie-Hellman group of 256 bits means that the communication can be
decrypted by someone that stored the session. The default minimum accepted
value in gnutls is already weak according to  (727 bits) but a good balance
between security and compatibility. (other implementations like NSS have
If you need to support weaker servers you could warn your users of the