From: "Roland Winkler"
To: Ted Zlatanov
Cc: Lars Magne Ingebrigtsen, 11267@debbugs.gnu.org
Newsgroups: gmane.emacs.bugs
Subject: bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Tue, 24 Apr 2012 15:04:58 -0500
Message-ID: <20375.1898.39520.582160@gargle.gargle.HOWL>
In-Reply-To: <87k4152t8j.fsf@lifelogs.com>

On Tue Apr 24 2012 Ted Zlatanov wrote:
> The error is coming straight from GnuTLS. We can probably add an
> Emacs-specific clarification to it, mentioning `gnutls-min-prime-bits'.
> Would that be more helpful? Or should I add a FAQ section to
> emacs-gnutls.texi?

In my opinion (a user who does not know much about the internals of
gnutls), mentioning `gnutls-min-prime-bits' by itself does not solve
the problem because I find that the doc string of this variable is
useful only for experts (see below).

Kind of related: "fatal error" sounds rather frightening, in
particular if one can only speculate how emacs worked around this
error. This could be clarified.

> Dropping down to fewer bits in the DH prime is AFAIK not a serious
> concern: you're not exposing your communications, only making the
> exchange of the secret key slightly less secure. So you're slightly
> more vulnerable to a man-in-the-middle attack, but the connection itself
> will be encrypted. You can only turn off encryption by changing the
> priority string.

It would be helpful if these details were explained in the doc string
of `gnutls-min-prime-bits' and / or emacs-gnutls.texi.

Also, it would be good (though I don't know whether a generic answer
is possible) to give some guidance on "reasonable" values for
`gnutls-min-prime-bits' as compared to cases where it would be better
to contact the sysadmin of the server requesting a change in the
setup of the server.

Roland
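
Added illustration, not part of the message above and not GnuTLS or Emacs code: the kind of check behind the quoted error, reading the server's DH parameters in the TLS ServerKeyExchange layout (RFC 5246) and comparing the prime's bit length with a configured minimum, the role `gnutls-min-prime-bits' plays in this thread. All function names and the sample values are constructed for this example.

```python
import struct


class DHParamsError(ValueError):
    """Raised when the ServerDHParams structure is malformed."""


def _read_opaque16(buf, off):
    # TLS vector <1..2^16-1>: 2-byte big-endian length, then that many bytes.
    if off + 2 > len(buf):
        raise DHParamsError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamsError("vector length out of range")
    return int.from_bytes(buf[off:off + n], "big"), off + n


def parse_server_dh_params(buf):
    """Return (p, g, Ys) from the start of a DHE ServerKeyExchange body.

    Bytes after Ys (the server's signature) are ignored here.
    """
    p, off = _read_opaque16(buf, 0)
    g, off = _read_opaque16(buf, off)
    ys, off = _read_opaque16(buf, off)
    return p, g, ys


def dh_prime_acceptable(buf, min_prime_bits):
    """Return (ok, bits): whether the offered prime meets the minimum."""
    p, _g, _ys = parse_server_dh_params(buf)
    bits = p.bit_length()
    return bits >= min_prime_bits, bits


def build_params(p, g, ys):
    # Helper used only to construct sample input for this example.
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample: 2**521 - 1 is chosen for its known bit length only;
# it is not a group any real server should use.
SAMPLE = build_params(2**521 - 1, 2, 2**362)

if __name__ == "__main__":
    for minimum in (256, 1024):
        ok, bits = dh_prime_acceptable(SAMPLE, minimum)
        print(f"min={minimum}: server prime is {bits} bits ->",
              "accepted" if ok else "not long enough")
```
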