bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellma
From: Ted Zlatanov
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Tue, 24 Apr 2012 08:45:48 -0400
User-agent: Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux)
On Thu, 19 Apr 2012 11:41:40 -0500 "Roland Winkler" <winkler@gnu.org> wrote:
RW> On Thu Apr 19 2012 Lars Magne Ingebrigtsen wrote:
>> Glenn Morris <rgm@gnu.org> writes:
>> > I also wonder how it can be safer to fall back to no encryption at all,
>> > rather than using weak encryption (if that is indeed what is happening).
>> > Maybe it's to prevent a false sense of security, or something.
>>
>> Are you sure that it's falling back to no encryption? If it really does
>> that, then that's pretty crappy behaviour, in my opinion.
RW> If the error message was more verbose, say by mentioning the
RW> fallback the code uses, this could help nonexpert users like us to
RW> understand the situation.
The error is coming straight from GnuTLS. We can probably add an
Emacs-specific clarification to it, mentioning `gnutls-min-prime-bits'.
Would that be more helpful? Or should I add a FAQ section to
emacs-gnutls.texi?
Usually this means the server should increase the size of the prime,
e.g. here are similar reports for msmtp and Sendmail:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461802
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440344
Dropping down to fewer bits in the DH prime is AFAIK not a serious
concern: you're not exposing your communications, only making the
exchange of the secret key slightly less secure. So you're slightly
more vulnerable to a man-in-the-middle attack, but the connection itself
will be encrypted. You can only turn off encryption by changing the
priority string.
ted
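
[Added example, not part of the original message and not GnuTLS or Emacs code: a sketch of the kind of check behind the error discussed above, parsing the ServerDHParams structure of a TLS ServerKeyExchange and comparing the bit length of the prime against a client minimum such as `gnutls-min-prime-bits'. All function names, the sample bytes and the thresholds 256 and 1024 are constructed for illustration.]

```python
import struct

def read_opaque16(buf, offset):
    """Read one TLS opaque<1..2^16-1> field: 2-byte length, then the data."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, offset)
    end = offset + 2 + length
    if length == 0 or end > len(buf):
        raise ValueError("empty or truncated field")
    return buf[offset + 2:end], end

def parse_server_dh_params(buf):
    """Parse ServerDHParams (RFC 5246, section 7.4.3): dh_p, dh_g, dh_Ys."""
    fields, offset = {}, 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        raw, offset = read_opaque16(buf, offset)
        fields[name] = int.from_bytes(raw, "big")
    return fields

def prime_acceptable(buf, min_prime_bits):
    """Return (bits in dh_p, True if that meets the client's minimum)."""
    # Count significant bits of the value, not bytes on the wire, so a
    # zero-padded encoding cannot make the prime look longer than it is.
    bits = parse_server_dh_params(buf)["dh_p"].bit_length()
    return bits, bits >= min_prime_bits

def opaque16(data):
    """Encode a field the way read_opaque16 expects (used for the sample)."""
    return struct.pack("!H", len(data)) + data

# Constructed sample, not a capture: a 512-bit odd number stands in for the
# prime (only its length matters here), sent with one leading zero byte.
SAMPLE_P = (1 << 511) | 1
SAMPLE = (opaque16(b"\x00" + SAMPLE_P.to_bytes(64, "big"))
          + opaque16(b"\x02") + opaque16((0x1234).to_bytes(2, "big")))

if __name__ == "__main__":
    for minimum in (256, 1024):  # constructed thresholds
        bits, ok = prime_acceptable(SAMPLE, minimum)
        print(f"min {minimum}: server prime has {bits} bits ->",
              "accept" if ok else "reject (not long enough)")
```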