[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#31946: 27.0.50; The NSM should warn about more TLS problems
From: |
Noam Postavsky |
Subject: |
bug#31946: 27.0.50; The NSM should warn about more TLS problems |
Date: |
Tue, 26 Jun 2018 08:44:23 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
> 4. For dh-small-subgroup and dh-composite, the only way to check this in
> LISP seems to be to supply `:min-prime-bits 2048` to
> `gnutls-boot-parameters`.
It only blocks dh-composite, not dh-small-subgroup for me. And I think
that's just a coincidence: dh-composite.badssl.com site sends a 2047 bit
DH "prime" while dh-small-subgroup.badssl.com sends a 2048 bit DH prime.
But it's certainly possible to send a 2048 bit composite as the "prime"
which would wouldn't be blocked either. I would guess the 2047 bit
parameter was intended to be 2048, but the top bit just happened to
generate as 0.
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/23
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/24
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky, 2018/06/25
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/26
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Eli Zaretskii, 2018/06/26
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky, 2018/06/26
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/27
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/27
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/27
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Eli Zaretskii, 2018/06/27
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/27
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/28