[gnutls-devel] [PATCH] Correct audit log: gnutls_dh_set_prime_bits(s, 0) falls back to security level
nmav at gnutls.org
Sat Nov 2 08:38:21 CET 2013
On 11/01/2013 01:15 AM, Daniel Kahn Gillmor wrote:
> Currently, when invoking gnutls_dh_set_prime_bits(s, 0), the audit log
> claims "Note that the security level of the Diffie-Hellman key
> exchange has been lowered to 0 bits and this may allow decryption of
> the session data". This is incorrect, since setting dh_prime_bits to
> 0 actually makes GnuTLS rely on the default security level requested.
Nice catch, but this isn't a documented option. I think it would be
better if it would print nothing when setting it to zero.