help-gnutls

Re: GnuTLS/NSS interop in Exim 4.80 RC


From: Phil Pennock
Subject: Re: GnuTLS/NSS interop in Exim 4.80 RC
Date: Sun, 20 May 2012 19:17:04 -0400

On 2012-05-20 at 16:24 +0200, Nikos Mavrogiannopoulos wrote:
> From what I can tell, it is the client that for some reason terminates the
> connection. What is the output on the client? Do you have a tcpdump of
> the issue? Have you tried alternative priority strings than normal
> [0]?
> 
> [0]. http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html

Janne Snabb has done better detective work than I and found that NSS has
a hard-coded clamp on the number of DH bits used for ephemeral D-H and
GnuTLS's return value from gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
GNUTLS_SEC_PARAM_NORMAL) is over that limit.

I'll add a clamp option to Exim and default it to the current NSS limit.

Thanks,
-Phil


