[sr #107623] Priority string "SECURITY256" seemingly no longer supports DSA keys

Nikos Mavrogiannopoulos INVALID.NOREPLY at gnu.org
Tue Mar 15 23:59:04 CET 2011


Update of sr #107623 (project gnutls):

                  Status:                    None => In Progress            
             Assigned to:                    None => nmav                   

    _______________________________________________________

Follow-up Comment #1:

Hello,
I've committed a fix that might solve your issue. The commit is at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git
Patches:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=c5f804fa369d493d9587a51b7a262ced7b378811
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=67cc6539269fe8dbe6b0c436dcbc4033c92fa0dd
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=946ad46eb1ed66e5c48b881e20fd2464af7e81f8

However, some notes. Gnutls prefers openpgp keys to have a DSA or RSA subkey
(ELG is not supported by TLS and using the master key is not wise). Moreover,
DSA keys of more than 1024 bits are not very well defined in the TLS protocol.
The missing parts are filled in by gnutls and thus might not interoperate
correctly with other implementations. If you want to be on the safe side,
either use DSA-1024 or RSA of any size.

Please let me know if the patches solve your issue.



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107623>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




