[gnutls-help] gnutls_dh_set_prime_bits question

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jul 1 22:45:17 CEST 2013

On 07/01/2013 02:31 PM, Ted Zlatanov wrote:
> (I know the function is deprecated in a recent 3.x, but this is a
> general behavior question.)
> Emacs users are wondering about the negotiation behavior with the DH
> minimum bits.  Currently Emacs uses `gnutls_dh_set_prime_bits' and the
> users can set it very low, 256 for instance.  We understand that's
> insecure,

256 bits, means that it is a matter of minutes to recover the keys used
in the session in a modern PC.

> but want to know about the negotiation: can it go up?  Are
> there any rules?  Some IMAP servers, for instance, refuse to connect if
> it's over 256 (the full story is in an Emacs bug discussion).

I don't quite understand what do you mean about going up. However, the
problem is in the DHE ciphersuites that do not allow the client to
notify the server of its security threshold for the parameters. You are
better off using the ECDHE equivalents (in recent gnutls version they
take precedence over DHE).


More information about the Gnutls-help mailing list