unofficial mirror of bug-gnu-emacs@gnu.org 
From: Ted Zlatanov <tzz@lifelogs.com>
To: n.mavrogiannopoulos@gmail.com, winkler@gnu.org
Cc: 15057@debbugs.gnu.org, 16253@debbugs.gnu.org, 11267@debbugs.gnu.org
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Sun, 09 Feb 2014 21:39:28 -0500
Message-ID: <87ob2f8zdr.fsf@lifelogs.com>
In-Reply-To: <b8ed28f0-e25f-457f-b44f-b224b017197b@googlegroups.com> (n. mavrogiannopoulos's message of "Fri, 18 May 2012 04:38:01 -0700 (PDT)")

On Fri, 18 May 2012 04:38:01 -0700 (PDT) n.mavrogiannopoulos@gmail.com wrote: 

nm> On Tuesday, May 15, 2012 10:24:56 AM UTC+2, Ted Zlatanov wrote:
>> On Sun, 13 May 2012 21:04:24 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 
>> 
LMI> "Roland Winkler" <winkler@gnu.org> writes:
>> >> Also, it would be good (though I don't know whether a generic answer
>> >> is possible) to give some guidance on "reasonable" values for
>> >> `gnutls-min-prime-bits' as compared to cases where it would be
>> >> better to contact the sysadmin of the server requesting a change in
>> >> the setup of the server.
>> 
LMI> Yeah.  And I think `gnutls-min-prime-bits' should default to whatever
LMI> that "reasonable" is, because there's apparently quite a few servers out
LMI> there that has less bits than whatever the GnuTLS default is.  Which
LMI> isn't a very good user experience.
>> 
>> I'm OK with lowering it to 256.

nm> Note that Diffie-Hellman group of 256-bits means that the communication can be
nm> decrypted by someone that stored the session. The default minimum
nm> accepted value in gnutls is already weak according to [0] (727 bits)
nm> but a good balance between security and compatibility. (other
nm> implementations like NSS have similar limits).

nm> If you need to support weaker servers you could warn your users of the consequences.

nm> [0]. http://www.keylength.com/en/3/

Hi Nikos,

We've continued the discussion in bug#15057 (about the min prime bits)
and bug#16253 (about the logging).  I've copied all three bug trackers
on this e-mail.  I hope that helps connect them for searches and when we
close them.

Roland, if you are satisfied with the direction taken in those bugs, we
can probably close this one.

Thanks
Ted
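
The size check behind the error in the subject line, as an added example (not part of the original message, and not GnuTLS or Emacs code): it parses the `ServerDHParams` structure of a DHE ServerKeyExchange (RFC 5246 layout) and compares the prime's bit length with the two floors mentioned in the thread. All function names and sample byte strings are constructed for illustration.

```python
import struct

# Floors taken from the thread: 256 is the value proposed for
# `gnutls-min-prime-bits`; 727 is the figure quoted in Nikos's reply.
PROPOSED_MIN_BITS = 256
THREAD_QUOTED_MIN_BITS = 727

def _read_opaque16(buf, offset):
    """Read one TLS opaque<1..2^16-1> field: 2-byte big-endian length, then data."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, offset)
    start, end = offset + 2, offset + 2 + length
    if length == 0 or end > len(buf):
        raise ValueError("bad field length")
    return buf[start:end], end

def parse_server_dh_params(buf):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys) from a DHE ServerKeyExchange body."""
    p, off = _read_opaque16(buf, 0)
    g, off = _read_opaque16(buf, off)
    ys, off = _read_opaque16(buf, off)
    return int.from_bytes(p, "big"), int.from_bytes(g, "big"), int.from_bytes(ys, "big")

def check_dh_prime(buf, min_bits):
    """Return (accepted, prime_bits); leading zero bytes do not count as bits."""
    p, _g, _ys = parse_server_dh_params(buf)
    bits = p.bit_length()
    return bits >= min_bits, bits

def build_params(p, g, ys):
    """Encode integers as ServerDHParams (helper for the constructed samples)."""
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed samples, not captured traffic. The values are not real primes;
# only their sizes matter for this check.
SAMPLE_512 = build_params((1 << 511) | 1, 2, 5)
SAMPLE_1024 = build_params((1 << 1023) | 1, 2, 5)

if __name__ == "__main__":
    for name, sample in (("512-bit", SAMPLE_512), ("1024-bit", SAMPLE_1024)):
        for floor in (PROPOSED_MIN_BITS, THREAD_QUOTED_MIN_BITS):
            ok, bits = check_dh_prime(sample, floor)
            print(f"{name} prime, floor {floor}: {'accept' if ok else 'reject'} ({bits} bits)")
```

With the floor lowered to 256 the 512-bit sample is accepted; with the 727-bit floor it is rejected, which is the case a client would want to surface to the user as a warning.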






Thread overview: 32+ messages
2013-08-09  8:52 bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits Tassilo Horn
2013-08-11 20:03 ` Lars Magne Ingebrigtsen
2013-10-07 22:27   ` Ted Zlatanov
2014-01-31  0:46     ` Lars Ingebrigtsen
2014-02-10  2:15       ` Ted Zlatanov
2012-04-17 21:14         ` bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough) Roland Winkler
2012-04-18 16:48           ` Glenn Morris
2012-04-19 11:04             ` Roland Winkler
2012-04-19 16:19               ` Glenn Morris
2012-04-19 16:26                 ` Lars Magne Ingebrigtsen
2012-04-19 16:31                   ` Glenn Morris
2012-04-19 16:41                   ` Roland Winkler
2012-04-24 12:45                     ` Ted Zlatanov
2012-04-24 20:04                       ` Roland Winkler
2012-05-13 19:04                         ` Lars Magne Ingebrigtsen
2012-05-15  8:24                           ` Ted Zlatanov
2012-05-15 15:16                             ` Chong Yidong
     [not found]                           ` <mailman.1129.1337070368.855.bug-gnu-emacs@gnu.org>
2012-05-18 11:38                             ` n.mavrogiannopoulos
2014-02-10  2:39                               ` Ted Zlatanov [this message]
2014-02-10  3:06                                 ` Roland Winkler
2014-02-10  8:28                                   ` Nikos Mavrogiannopoulos
2014-02-10  2:58         ` bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits Lars Ingebrigtsen
2014-02-10 10:52           ` bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough) Ted Zlatanov
2014-02-11  5:09             ` Lars Ingebrigtsen
2014-02-11 10:35               ` Nikos Mavrogiannopoulos
2014-02-11 14:21               ` bug#16253: bug#11267: " Ted Zlatanov
2014-02-11 22:49                 ` Roland Winkler
2014-02-11 23:54                   ` Ted Zlatanov
2014-02-12  4:30                     ` bug#15057: " Lars Ingebrigtsen
2014-02-12 17:11                       ` Ted Zlatanov
2014-02-12  4:29                 ` Lars Ingebrigtsen
2014-12-08 19:43 ` bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits Lars Magne Ingebrigtsen
