[Help-gnutls] Diffie Hellman size?
Martin Lambers
marlam at marlam.de
Tue Apr 15 07:13:47 CEST 2008
Hello all!

I had a few reports of failures with msmtp using GnuTLS:
"The Diffie Hellman prime sent by the server is not acceptable
(not long enough)". See for example
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440344 .

It is possible to solve this by adding the line

    gnutls_dh_set_prime_bits(session, 512);

However, there's certainly a reason why the required length was changed,
though I cannot find a related ChangeLog or NEWS entry.
Is it ok to reduce the required length, or does this have security
implications?

Can the new function gnutls_priority_init() be used instead of
gnutls_dh_set_prime_bits()? Then the user could set all his special TLS
session requirements using a single interface. That would be nice.

Martin
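
The check behind the quoted error, as an added example that is not part of the original post and not GnuTLS's own code: it parses the server's TLS ServerDHParams (dh_p, dh_g, dh_Ys) and compares the prime's bit length with a caller-chosen minimum, which on the client side is the value gnutls_dh_set_prime_bits() sets. The function names, result codes, the 1024-bit comparison value and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DH_OK = 0, DH_MALFORMED = -1, DH_PRIME_TOO_SHORT = -2 }; /* not GnuTLS codes */

/* Read one TLS opaque<1..2^16-1>: 2-byte big-endian length, then the data. */
static int read_vec16(const uint8_t *buf, size_t len, size_t *off,
                      const uint8_t **out, size_t *n)
{
    if (len - *off < 2) return DH_MALFORMED;
    *n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    if (*n == 0 || *n > len - *off - 2) return DH_MALFORMED; /* empty or truncated */
    *out = buf + *off + 2;
    *off += 2 + *n;
    return DH_OK;
}

/* Bit length of a big-endian integer; leading zero bytes and bits do not count. */
static unsigned bit_length(const uint8_t *p, size_t n)
{
    while (n > 0 && *p == 0) { p++; n--; }
    if (n == 0) return 0;
    unsigned bits = (unsigned)(n * 8);
    for (uint8_t top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Parse ServerDHParams (dh_p, dh_g, dh_Ys) and enforce a minimum prime size. */
int check_dh_prime(const uint8_t *msg, size_t len, unsigned min_bits, unsigned *bits)
{
    const uint8_t *vec[3];
    size_t vec_len[3], off = 0;
    for (int i = 0; i < 3; i++)
        if (read_vec16(msg, len, &off, &vec[i], &vec_len[i])) return DH_MALFORMED;
    *bits = bit_length(vec[0], vec_len[0]);
    return *bits < min_bits ? DH_PRIME_TOO_SHORT : DH_OK;
}

int main(void)
{
    uint8_t msg[72] = { 0x00, 0x40 }; /* constructed: 64-byte filler "prime", g=2, Ys=5 */
    unsigned bits = 0;
    memset(msg + 2, 0xC3, 64);
    memcpy(msg + 66, "\x00\x01\x02\x00\x01\x05", 6);
    int strict = check_dh_prime(msg, sizeof msg, 1024, &bits); /* assumed stricter minimum */
    int relaxed = check_dh_prime(msg, sizeof msg, 512, &bits); /* the value from the post */
    printf("%u-bit prime: min 1024 -> %d, min 512 -> %d\n", bits, strict, relaxed);
    return 0;
}
```

The same 512-bit prime is rejected under the larger minimum and accepted once the minimum is lowered to 512, so the setting only changes what the client is willing to accept from the server.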