[gnutls-help] gnutls_dh_set_prime_bits question

[Nikos Mavrogiannopoulos]

On 07/09/2013 03:13 PM, Ted Zlatanov wrote:

> NM> On 07/02/2013 08:31 PM, Ted Zlatanov wrote:
>>> I think negotiating the connection twice is unacceptable for
>>> performance.  We have to find a way to do it in one attempt, even if the
>>> user has to configure something about the exceptional servers.  Can we
>>> always try ECDHE and only do DHE if the user tells us so?
> 
> NM>  You can always disable DHE. That way ECDHE will be negotiated with RSA
> NM> as fallback.
> 
> I'm sorry to keep asking, but I can't find this explicitly in the
> manual.  Maybe I'm looking in the wrong places.  From
> http://gnutls.org/manual/html_node/Priority-Strings.html I am guessing
> that:
> 
> 1) Including ANON-ECDH enables ECDHE

No. Anon-ECDH is for anonymous authentication. ECDHE-RSA and ECDHE-ECDSA
are for certificate authentication and are already enabled by NORMAL.

> 2) !DHE-RSA:!DHE-DSS disables DHE (not sure if DHE-RSA should be enabled for us)

Correct.

> 3) NORMAL enables DHE and ECDHE

Yes.

> It would be very nice if the initial keywords' description in that
> documentation page actually showed what's enabled by each one,
> especially "NORMAL".

Indeed, this may be useful. I should update that at some time.
You can see that using gnutls-cli -l --priority xxx.

> I also can't tell how to set the DH minimum prime bits in a priority
> string, if that's possible at all.

The initial keyword of the string sets the acceptable security level,
which at some later point it is translated on the minimum size of the
prime. Currently normal sets the value GNUTLS_SEC_PARAM_VERY_WEAK, which
is 727 bits of a prime. SECURE128 and 256 increase that value.

The idea was to have some consistency in the security levels, but given
the security levels offered by real-world servers, that would take some
time to occur.

> I can write additions to the manual to explain any of the above if you
> think they are needed.

That would be really helpful.

regards,
Nikos