[sr #107623] Priority string "SECURITY256" seemingly no longer supports DSA keys
Nikos Mavrogiannopoulos
INVALID.NOREPLY at gnu.org
Tue Mar 15 23:59:04 CET 2011
Update of sr #107623 (project gnutls):
Status: None => In Progress
Assigned to: None => nmav
_______________________________________________________
Follow-up Comment #1:
Hello,
I've committed a fix that might solve your issue. The commit is at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git
Patches:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=c5f804fa369d493d9587a51b7a262ced7b378811
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=67cc6539269fe8dbe6b0c436dcbc4033c92fa0dd
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=946ad46eb1ed66e5c48b881e20fd2464af7e81f8
However, some notes. Gnutls prefers openpgp keys to have a DSA or RSA subkey
(ELG is not supported by TLS and using the master key is not wise). Moreover,
DSA keys of more than 1024 bits are not very well defined in the TLS protocol.
The missing parts are filled in by gnutls and thus might not interoperate
correctly with other implementations. If you want to be on the safe side,
either use DSA-1024 or RSA of any size.
Please let me know if the patches solve your issue.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107623>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/