[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellma
From: |
Roland Winkler |
Subject: |
bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). |
Date: |
Tue, 24 Apr 2012 15:04:58 -0500 |
On Tue Apr 24 2012 Ted Zlatanov wrote:
> The error is coming straight from GnuTLS. We can probably add a
> Emacs-specific clarification to it, mentioning `gnutls-min-prime-bits'.
> Would that be more helpful? Or should I add a FAQ section to
> emacs-gnutls.texi?
In my opinion (a user who does not know much about the internals of
gnutls) mentioning `gnutls-min-prime-bits' by itself does not solve
the problem because I find that the doc string of this variable is
useful only for experts (see below).
Kind of related: "fatal error" sounds rather frightening, in
particular if one can only speculate how emacs worked around this
error. This could be clarified.
> Dropping down to fewer bits in the DH prime is AFAIK not a serious
> concern: you're not exposing your communications, only making the
> exchange of the secret key slightly less secure. So you're slightly
> more vulnerable to a man-in-the-middle attack, but the connection itself
> will be encrypted. You can only turn off encryption by changing the
> priority string.
If these details would be explained in the doc string of
`gnutls-min-prime-bits' and / or emacs-gnutls.texi would be helpful.
Also, it would be good (though I don't know whether a generic answer
is possible) to give some guidance on "reasonable" values for
`gnutls-min-prime-bits' as compared to cases where it would be
better to contact the sysadmin of the server requesting a change in
the setup of the server.
Roland
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Roland Winkler, 2012/04/17
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Glenn Morris, 2012/04/18
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Roland Winkler, 2012/04/19
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Glenn Morris, 2012/04/19
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Lars Magne Ingebrigtsen, 2012/04/19
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Glenn Morris, 2012/04/19
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Roland Winkler, 2012/04/19
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Ted Zlatanov, 2012/04/24
- bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).,
Roland Winkler <=