[gnutls-devel] [PATCH] Correct audit log: gnutls_dh_set_prime_bits(s, 0) falls back to security level
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov  2 08:38:21 CET 2013

On 11/01/2013 01:15 AM, Daniel Kahn Gillmor wrote:
> Currently, when invoking gnutls_dh_set_prime_bits(s, 0), the audit log
> claims "Note that the security level of the Diffie-Hellman key
> exchange has been lowered to 0 bits and this may allow decryption of
> the session data".  This is incorrect, since setting dh_prime_bits to
> 0 actually makes GnuTLS rely on the default security level requested.

Nice catch, but this isn't a documented option. I think it would be
better if it would print nothing when setting it to zero.

regards,
Nikos
    
    