[gnutls-help] too few bits from gnutls_dh_params_generate2() ?
ossman at cendio.se
Tue Nov 11 07:58:03 CET 2014
On Mon, 10 Nov 2014 11:48:13 -1000
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> Hi Pierre--
> On Mon 2014-11-10 08:25:56 -1000, Pierre Ossman wrote:
> > We're having some interoperability issues between Java's SSLEngine and
> > GnuTLS in TigerVNC.
> what version of Java and its SSLEngine are you using?
Fedora's IcedTea 1.7.0. 2.5.3, whatever that means. Some form of
OpenJDK 7 I guess?
> > One example set of parameters I've gotten:
> >> TLS: DH prime:
> >> 691e93a4e2dcd04a785abd633b6c066c404809815b6983f140fa8e0cad702ffffd15e7b8361e9924858494df07a7cff50d1b971e4ce1ab396647183b4222aded580f7a079203980c952e8443e2dde055793307c407c686c34af4a5309077023f078e0443bb4b5662c20af6af6958a8d2a2c52a50267428dac8e15d7777b49d6b
> >> TLS: DH generator:
> >> 5783a44a1aae0e098a9474b191251397812fc201f4e38d58e9ea96f2a83793a2468f9bbc55c82b6e4c55e6674ef23db59de38f3446d1c6b84f5837f350d9b1598abe09c79a83c39402bcc53c9f4444b76bdb0f6b4c0a5ccbd3bf76a794f4e307912127bffcc81261ae4ae3bf36a20a02ec65251e4778a8e58e11f22e685bbf59
> >> TLS: DH bits: 158
> what is this output from? I'm not sure how to reconcile the "DH bits:
> 158" with the other data.
It was generated like this:
    if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
      throw AuthFailureException("gnutls_dh_params_generate2 failed");

    gnutls_datum_t p, g;
    unsigned int b;

    gnutls_dh_params_export_raw(dh_params, &p, &g, &b);

    sz = sizeof(buffer);
    gnutls_hex_encode(&p, buffer, &sz);
    vlog.debug("DH prime: %s", buffer);

    sz = sizeof(buffer);
    gnutls_hex_encode(&g, buffer, &sz);
    vlog.debug("DH generator: %s", buffer);

    vlog.debug("DH bits: %u", b);
> have you reported this bug to java? it sounds like they should not be
> doing this.
No. I found it a bit difficult to submit a good bug report as I can't say
I'm familiar with DH beyond stating that Java and GnuTLS don't like each
(It's also far from obvious how you report bugs to them)
Pierre Ossman Software Development
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linköping http://facebook.com/ThinLinc
Phone: +46-13-214600 http://plus.google.com/112509906846170010689
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?