[Help-gnutls] Re: Diffie Hellman size?

Simon Josefsson simon at josefsson.org
Tue Apr 15 09:39:11 CEST 2008


Martin Lambers <marlam at marlam.de> writes:

> Hello all!
>
> I had a few reports of failures with msmtp using GnuTLS:
> "The Diffie Hellman prime sent by the server is not acceptable
> (not long enough)". See for example
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440344 .
>
> It is possible to solve this by adding the line
> gnutls_dh_set_prime_bits(session, 512);
>
> However, there's certainly a reason why the required length was changed,
> though I cannot find a related ChangeLog or NEWS entry.

I found the change, it was made roughly 5 years ago:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=7ebb6052d54458a33e5ba18d2c352db6652e6b91

There is a Changelog entry for it, in ChangeLog.1.  No NEWS entry
though.

> Is it ok to reduce the the required length, or does this have security
> implications?

I can't seem to find a good reference for this.  RFC 4419 seems to
suggest 1024 bits for SSH, but it is not clear if the same
considerations apply to TLS.  RFC 3766 is rather vague, but suggests
that 2*K should be ok, where K is the needed symmetric key size.  From
that 512 bits would be ok, but that makes me confused why RFC 4419
requires more.  It would be nice to have a better answer for your
question.

Nikos, do you recall why you changed the default here?

> Can the new function gnutls_priority_init() be used instead of
> gnutls_dh_set_prime_bits()? Then the user could set all his special TLS
> session requirements using a single interface. That would be nice.

Good idea, that should definitely be supported:

http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/29

Patches welcome. ;)

/Simon





More information about the Gnutls-help mailing list