certtool --generate-dh-params: Size of generator in 2.12.19 and 3.0.19

Andreas Metzler ametzler at downhill.at.eu.org
Sun May 27 11:54:16 CEST 2012


certtool --generate-dh-params --bits 2236

seems to generate different things in GnuTLS 2.12.19 and 3.0.19. The
resulting files are of different size. certtool --dh-info shows this:

ametzler at argenau:/tmp/dh$ for i in * ; do echo $i ;certtool --dh-info < $i | grep -E 'Generator |Prime ' ;echo ; done
Generator (8 bits): 05
Prime (2240 bits):

Generator (8 bits): 05
Prime (2240 bits):

Generator (2248 bits): 01:01:e8:5e:f1:b9:ad:0f:5a:eb:61:76
Prime (2248 bits):

Generator (2240 bits): 0f:bf:05:ea:18:02:e5:97:8e:81:17:c5
Prime (2240 bits):

+ 3.0.19 Uses a large value for Generator
+ In 3.0.19 the size of "Prime" is not constant.

("openssl dhparam" produces results similar to 2.12.19.)

Do DH parameter files generated with OpenSSL/GnuTLS-2.12.19 work fine with
GnuTLS-3.0.19, or, the other way round, do DH parameter files generated
with GnuTLS-3.0.19 work fine with OpenSSL/GnuTLS-2.12.19?

cu andreas

`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
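
An independent way to compare the prime and generator sizes of two parameter files, as an added example that is not part of the original post and is not GnuTLS code. It assumes the files are PEM "DH PARAMETERS" blocks holding a DER SEQUENCE of two INTEGERs (prime, then generator); the sample input is constructed and the function names are hypothetical. It reports both the numeric bit length and the encoded length, since a DER INTEGER carries a leading 00 byte when its top bit is set.

```python
import base64
import re

# Constructed toy parameters (p=23, g=5), far too small for real use;
# they only exercise the parser.
SAMPLE_PEM = """-----BEGIN DH PARAMETERS-----
MAYCARcCAQU=
-----END DH PARAMETERS-----
"""

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(buf: bytes, pos: int, tag: int):
    """Return (content, next_pos) for one DER element with the expected tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def dh_info(pem: str) -> dict:
    body, _ = read_tlv(pem_to_der(pem), 0, 0x30)  # SEQUENCE
    prime_raw, pos = read_tlv(body, 0, 0x02)      # INTEGER p
    gen_raw, _ = read_tlv(body, pos, 0x02)        # INTEGER g
    p = int.from_bytes(prime_raw, "big")
    g = int.from_bytes(gen_raw, "big")
    return {
        "prime_bits": p.bit_length(),
        "prime_encoded_bits": 8 * len(prime_raw),
        "generator_bits": g.bit_length(),
        "generator_encoded_bits": 8 * len(gen_raw),
        "generator_in_range": 1 < g < p - 1,
    }

if __name__ == "__main__":
    for key, value in dh_info(SAMPLE_PEM).items():
        print(f"{key}: {value}")
```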
