Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
> There are more problems with NSM than just these tests. One other
> thing I can think of is, if I've set `gnutls-min-prime-bits` to 2048,
> and presented with a cert with 1536 bits, NSM does nothing for me.
It's not supposed to -- the connection is stopped at the gnutls level.
Which is why that variable defaults to 256, so that the NSM can handle
the problem.