Feature req: DH prime bitsize query

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun May 27 22:09:26 CEST 2012

On 05/27/2012 04:14 PM, Phil Pennock wrote:

>> Is that an issue for you? Because the bits on the various security
>> levels are a result of some interpolation being extreme precise in the
>> size of bits doesn't make IMO much sense. GnuTLS will make sure however
>> that there will be at least so many bits.

> It is when 2236 is the limit used by NSS and we're clamping down the
> result of
>   gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL)
> to try to avoid breaking clients.
> What I've actually done is grab the primes from RFCs 2409, 3526 and
> 5114, converted to PKCS#3 and built those into Exim as constants, and
> chosen the 2048 bit prime from section 2.2 of RFC 5114 (IKE id 23) as
> the default.

You could also use certtool --get-dh-params to get the parameters used
in SRP (which are mostly common with the IKE parameters). However those
parameters would be much slower than using the generated with gnutls
parameters (which contain a subgroup of the order of the security
parameter, to lower the load on the server).

> So by default, the new release of Exim will use vetted primes which are
> within bounds, and generating the DH params using GnuTLS becomes the
> non-default behaviour, thus preserving interoperability.

You could also generate parameters of smaller size (2048 bits) to allow
interoperability with NSS.


More information about the Gnutls-help mailing list