[gnutls-help] gnutls_dh_set_prime_bits question
Ted Zlatanov
tzz at lifelogs.com
Mon Jul 1 14:31:28 CEST 2013
(I know the function is deprecated in a recent 3.x, but this is a
general behavior question.)
Emacs users are wondering about the negotiation behavior with the DH
minimum bits. Currently Emacs uses `gnutls_dh_set_prime_bits' and the
users can set it very low, 256 for instance. We understand that's
insecure, but want to know about the negotiation: can it go up? Are
there any rules? Some IMAP servers, for instance, refuse to connect if
it's over 256 (the full story is in an Emacs bug discussion).
I looked around but the best I could find was an SSH-related RFC that
discusses this negotiation. I would appreciate some information
regarding the behavior of GnuTLS (and possibly OpenSSL and others, as a
comparison).
Ted