[gnutls-dev] Re: Bug#176037: gnutls_handshake: DH_PRIME_UNACCEPTABLE

Nikos Mavroyanopoulos nmav@gnutls.org
Mon Feb 10 22:39:02 2003


On Mon, Feb 10, 2003 at 09:18:16PM +0000, Andrew McDonald wrote:

> > When I try to open the mailbox 'imap://po11.mit.edu/INBOX' with Debian
> > mutt 1.4.0-4 or -5 and imap_force_ssl=yes, I get the error message
> > 'gnutls_handshake: DH_PRIME_UNACCEPTABLE' with libgnutls5 0.5.9-2
> > installed, and 'gnutls_handshake: The Diffie Hellman prime sent by the
> > server is not acceptabl', when libgnutls5 0.6.0-2 is installed.  In
> > both cases, opening the mailbox fails.  Mozilla has no trouble using
> > IMAP with SSL on this server.
> Hmm.
> What's the server running? I'm wondering if there's something dodgy
> about its ephemeral Diffie-Hellman support.
This sounds like the server sends a prime of less than 768 bits.
By default gnutls-0.6.x will reject such primes. 

A solution might be to call gnutls_dh_set_prime_bits() with
a value less than 512.

> -- 
> Andrew McDonald
> E-mail: andrew@mcdonald.org.uk
> http://www.mcdonald.org.uk/andrew/

-- 
Nikos Mavroyanopoulos
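
The check behind this error, as an added example that is not GnuTLS code and not part of the original message: it parses the ServerDHParams a TLS server sends (length-prefixed dh_p, dh_g, dh_Ys) and compares the bit length of dh_p with a minimum. The function names and the sample bytes are constructed for illustration; in GnuTLS itself the minimum is set with gnutls_dh_set_prime_bits().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one TLS opaque<1..2^16-1> field (2-byte big-endian length, then data). */
static int read_opaque16(const uint8_t *buf, size_t len, size_t *pos,
                         const uint8_t **out, size_t *out_len) {
    if (len - *pos < 2) return -1;
    size_t n = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
    *pos += 2;
    if (n == 0 || len - *pos < n) return -1;   /* empty or truncated field */
    *out = buf + *pos; *out_len = n; *pos += n;
    return 0;
}
/* Bit length of a big-endian unsigned integer, ignoring leading zero bytes. */
static unsigned bit_length(const uint8_t *p, size_t n) {
    while (n > 0 && *p == 0) { p++; n--; }
    if (n == 0) return 0;
    unsigned bits = (unsigned)(n * 8);
    for (uint8_t top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits;
}
/* Parse ServerDHParams and compare the size of dh_p with min_bits.
 * Returns 1 = acceptable, 0 = prime too small, -1 = malformed message. */
int check_server_dh_prime(const uint8_t *skx, size_t len, unsigned min_bits,
                          unsigned *bits_out) {
    const uint8_t *f[3]; size_t flen[3], pos = 0;
    for (int i = 0; i < 3; i++)                 /* dh_p, dh_g, dh_Ys */
        if (read_opaque16(skx, len, &pos, &f[i], &flen[i])) return -1;
    *bits_out = bit_length(f[0], flen[0]);
    return *bits_out >= min_bits;
}
/* Constructed sample: dh_p is p_bytes of 0xFF filler (not a real prime; only
 * its size matters here), g = 2, Ys = 5. Returns the message length. */
size_t build_sample_params(uint8_t *buf, size_t p_bytes) {
    const uint8_t tail[] = { 0x00, 0x01, 0x02, 0x00, 0x01, 0x05 };
    buf[0] = (uint8_t)(p_bytes >> 8); buf[1] = (uint8_t)p_bytes;
    memset(buf + 2, 0xFF, p_bytes);
    memcpy(buf + 2 + p_bytes, tail, sizeof tail);
    return 2 + p_bytes + sizeof tail;
}
int main(void) {
    uint8_t msg[256]; unsigned bits = 0;
    size_t n = build_sample_params(msg, 64);    /* 512-bit dh_p */
    int strict = check_server_dh_prime(msg, n, 768, &bits);
    int relaxed = check_server_dh_prime(msg, n, 512, &bits);
    printf("%u-bit dh_p: min 768 -> %d, min 512 -> %d\n", bits, strict, relaxed);
    return 0;
}
```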