[gnutls-devel] weak dh issue

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed May 20 20:23:54 CEST 2015

On Wed, 2015-05-20 at 19:11 +0200, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 05:10:20PM +0200, Nikos Mavrogiannopoulos wrote:
> > According to https://weakdh.org/ there is a new attack which relies on
> > clients accepting weak DHE parameters. GnuTLS is unaffected by this
> > attack, and it seems like a good choice that we always imposed higher
> > standards for parameters than other implementations despite the many
> > bug reports [0] in the past.
> But you should consider changing the minimum to 1024 instead of
> the current 768.

Indeed, that attack provides a good opportunity for that. In fact the
only way to increase the security levels today is due to the publicity
of these attacks. Without that, it is an uphill battle to convince
users and administrators that less than 1024-bit DH parameters is not
enough, when all the browsers connect to those sites with no warning.

