[gnutls-devel] Bug#750094: Misleading warning
jch at pps.univ-paris-diderot.fr
Wed Jun 4 23:29:56 CEST 2014
Hi Daniel, nice to meet you.
>> |<1>| Note that the security level of the Diffie-Hellman key exchange
>> has been lowered to 256 bits and this may allow decryption of the
>> session data
> 0) a warning that the configuration has lowered the DH key exchange
> strength and may cause weakness (what we're seeing here) -- Juliusz, can
> you propose an alternate text for this warning?
Note that the current configuration of either gnutls or your client
software allows Diffie-Hellman key exchange to succeed with as little as
256 bits, which is not enough to guarantee a reasonable level of
security. Please reconfigure gnutls or your client software with a more
reasonable value (at least 1024, preferably 2048 or more).
Please tweak the values at will, I'm not a crypto specialist.
> 1) a warning in the _gnutls_audit_log when the dh bits is *actually*
> lower than whatever cutoff we deem to be absurdly unacceptable.
Yes, that would be helpful.
> I worry a little bit about either warning, mainly because it seems to
> imply that anything higher than 512 bits *won't* allow decryption of the
> session data, which probably isn't the case for, say, a 513-bit group :P
Very true, hence the "at least 1024, prerefably 2048 or more" in the
suggested message above.
More information about the Gnutls-devel