[gnutls-devel] priority string DHE parameter acceptance
n.mavrogiannopoulos at gmail.com
Tue Nov 5 21:39:08 CET 2013
On 11/05/2013 04:57 AM, Daniel Kahn Gillmor wrote:
> I'm having some difficulty following the logic behind the way the GnuTLS
> priority strings set the minimum number of bits required for
> the group used for DHE key exchange.
> I notice that if i set up a server using 1024-bit DHE, i get a different
> response from these two priority strings:
> Using the former priority string, connections complete, but using the
> latter priority string makes gnutls-cli refuse the connection at
> 1024-bit DHE. If the DHE group is larger (2048 bits), both strings
> allow connections to complete.
> My understanding of the priority string mechanism suggests that the two
> strings should have the same behavior. What am i missing?
Nothing, that doesn't make sense. It's a bug. I've figured it out, but it
seems a test case is needed there to avoid such issues.