help-gnutls

[Help-gnutls] Diffie Hellman size?


From: Martin Lambers
Subject: [Help-gnutls] Diffie Hellman size?
Date: Tue, 15 Apr 2008 07:13:47 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

Hello all!

I had a few reports of failures with msmtp using GnuTLS:
"The Diffie Hellman prime sent by the server is not acceptable
(not long enough)". See for example
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440344 .

It is possible to solve this by adding the line
gnutls_dh_set_prime_bits(session, 512);

However, there's certainly a reason why the required length was changed,
though I cannot find a related ChangeLog or NEWS entry.

Is it ok to reduce the required length, or does this have security
implications?

Can the new function gnutls_priority_init() be used instead of
gnutls_dh_set_prime_bits()? Then the user could set all his special TLS
session requirements using a single interface. That would be nice.

Martin



