From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#9036: [PATCH] gnutls: Add option to set minimum acceptable Diffie-Hellman key size
Date: Sat, 16 Jul 2011 18:08:36 +0200
References: <87ei1zpl0x.fsf@ed.ac.uk> <87zkkefrl9.fsf@gmx.li>
In-Reply-To: <87zkkefrl9.fsf@gmx.li> (Lawrence Mitchell's message of "Sat, 16 Jul 2011 11:27:30 +0100")
To: Lawrence Mitchell
Cc: 9036@debbugs.gnu.org

Lawrence Mitchell writes:

> The handshake returns GNUTLS_E_DH_PRIME_UNACCEPTABLE if the
> number of server prime bits is too low.  I don't know how to
> query the size of the server prime.  Maybe
> gnutls_dh_get_prime_bits?  I'm wary to automatically adjust
> downwards.

I think adjusting it downwards automatically until you reach a
(user-definable) absolute lower limit would be fine.  But I have no idea
what an acceptable default lower limit would be, or what the impact on
security this would have.

> A better error message (pointing at the existence of
> gnutls-min-prime-bits) in the case of this failure mode would
> probably be good though.  I'll try and cook up a patch in the
> next few days.

Great!

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/