[gnutls-help] Generating DH Parameters larger than 3072 bits

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Dec 16 13:00:14 CET 2014


On Mon, 2014-12-15 at 05:57 +0200, Yan Fiz wrote:
> $ certtool --generate-dh-params --bits 4096 --outfile server.p3
> --debug 9999
> Setting log level to 9999
> ** Note: Please use the --sec-param instead of --bits
> Generating DH parameters (4096 bits)...
> (might take long time)

Unfortunately that is a known issue in the 3.3.x release. You will need
nettle-2.7.1 with the attached patch in order to generate
parameters larger than 3072 bits. I'll send that patch to the nettle
maintainer, but I find it unlikely to have a new 2.7.x release.

regards,
Nikos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-allow-the-usage-of-arbitrary-q_bits-sizes-in-DSA-key.patch
Type: text/x-patch
Size: 630 bytes
Desc: not available
URL: </pipermail/attachments/20141216/a7ef956d/attachment-0001.bin>

