Feature req: DH prime bitsize query

Phil Pennock help-gnutls-phil at spodhuis.org
Sun May 27 16:14:07 CEST 2012

On 2012-05-27 at 13:04 +0200, Nikos Mavrogiannopoulos wrote:
> On 05/27/2012 07:24 AM, Phil Pennock wrote:
> > Folks,
> > 
> > When gnutls_dh_params_generate2() is used to generate DH parameters of a
> > particular size, it has a tendency to overshoot.
> > 
> > Asking for 2236 bits, a 2237 bit prime seems to be fairly common.
> Is that an issue for you? Because the bits on the various security
> levels are a result of some interpolation being extreme precise in the
> size of bits doesn't make IMO much sense. GnuTLS will make sure however
> that there will be at least so many bits.

It is when 2236 is the limit used by NSS and we're clamping down the
result of
  gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL)
to try to avoid breaking clients.

What I've actually done is grab the primes from RFCs 2409, 3526 and
5114, converted to PKCS#3 and built those into Exim as constants, and
chosen the 2048 bit prime from section 2.2 of RFC 5114 (IKE id 23) as
the default.

So by default, the new release of Exim will use vetted primes which are
within bounds, and generating the DH params using GnuTLS becomes the
non-default behaviour, thus preserving interoperability.


More information about the Gnutls-help mailing list