[gnutls-help] gnutls_dh_set_prime_bits question

Ted Zlatanov tzz at lifelogs.com
Mon Jul 1 14:31:28 CEST 2013

(I know the function is deprecated in a recent 3.x, but this is a
general behavior question.)

Emacs users are wondering about the negotiation behavior with the DH
minimum bits.  Currently Emacs uses `gnutls_dh_set_prime_bits' and the
users can set it very low, 256 for instance.  We understand that's
insecure, but want to know about the negotiation: can it go up?  Are
there any rules?  Some IMAP servers, for instance, refuse to connect if
it's over 256 (the full story is in an Emacs bug discussion).

I looked around but the best I could find was a SSH-related RFC that
discusses this negotiation.  I would appreciate some information
regarding the behavior of GnuTLS (and possibly OpenSSL and others, as a


More information about the Gnutls-help mailing list