[gnutls-devel] Bug#750094: Misleading warning

Juliusz Chroboczek jch at pps.univ-paris-diderot.fr
Wed Jun 4 23:29:56 CEST 2014

Hi Daniel, nice to meet you.

>> |<1>| Note that the security level of the Diffie-Hellman key exchange
>> has been lowered to 256 bits and this may allow decryption of the
>> session data

> 0) a warning that the configuration has lowered the DH key exchange
> strength and may cause weakness (what we're seeing here) -- Juliusz, can
> you propose an alternate text for this warning?

  Note that the current configuration of either gnutls or your client
  software allows Diffie-Hellman key exchange to succeed with as little as
  256 bits, which is not enough to guarantee a reasonable level of
  security.  Please reconfigure gnutls or your client software with a more
  reasonable value (at least 1024, preferably 2048 or more).

Please tweak the values at will, I'm not a crypto specialist.

> 1) a warning in the _gnutls_audit_log when the dh bits is *actually*
> lower than whatever cutoff we deem to be absurdly unacceptable.

Yes, that would be helpful.

> I worry a little bit about either warning, mainly because it seems to
> imply that anything higher than 512 bits *won't* allow decryption of the
> session data, which probably isn't the case for, say, a 513-bit group :P

Very true, hence the "at least 1024, preferably 2048 or more" in the
suggested message above.

-- Juliusz

