[gnutls-devel] Bug#750094: Misleading warning
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jun 3 00:33:40 CEST 2014
over on https://bugs.debian.org/750094,
On 06/01/2014 10:01 AM, Juliusz Chroboczek wrote:
> Package: gnutls-bin
> Version: 3.2.14-1
> Try the following:
> gnutls-cli --dh-bits 256 --starttls -p 80 www.debian.org
> It prints the following warning:
> |<1>| Note that the security level of the Diffie-Hellman key exchange
> has been lowered to 256 bits and this may allow decryption of the
> session data
> This warning is printed before any TLS negotiation happens, so it does not
> reflect the parameters that were actually negotiated. The wording should
> be changed in order to make it clear that the actual negotiated parameters
> might be different.
this can be replicated without the --starttls or -p 80, just with:
gnutls-cli --dh-bits 256 www.debian.org
the warning happens before the TLS handshake happens.
I'm forwarding this to the gnutls-devel mailing list.
It seems to me there could be two different kinds of warnings:
0) a warning that the configuration has lowered the DH key exchange
strength and may cause weakness (what we're seeing here) -- Juliusz, can
you propose an alternate text for this warning?
1) a warning in the _gnutls_audit_log when the dh bits is *actually*
lower than whatever cutoff we deem to be absurdly unacceptable.
I worry a little bit about either warning, mainly because it seems to
imply that anything higher than 512 bits *won't* allow decryption of the
session data, which probably isn't the case for, say, a 513-bit group :P
Nikos, any thoughts on what makes sense to do here?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the Gnutls-devel