From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/83424 Path: news.gmane.org!not-for-mail From: Tassilo Horn Newsgroups: gmane.emacs.gnus.general Subject: Re: gnutls.c warning Date: Fri, 28 Jun 2013 14:39:26 +0200 Message-ID: <87bo6q5s01.fsf@thinkpad.tsdh.de> References: <87fvw57tx5.wl%hskuhra@eumx.net> <87li5x5qxp.fsf@thinkpad.tsdh.de> <874ncjqwjd.fsf@lifelogs.com> <87li5vf9o2.wl%hskuhra@eumx.net> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1372423285 8329 80.91.229.3 (28 Jun 2013 12:41:25 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 28 Jun 2013 12:41:25 +0000 (UTC) Cc: ding@gnus.org To: "Herbert J. Skuhra" Original-X-From: ding-owner+M31684@lists.math.uh.edu Fri Jun 28 14:41:25 2013 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UsXzQ-0004sw-EU for ding-account@gmane.org; Fri, 28 Jun 2013 14:41:24 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1UsXxf-0001U5-JQ; Fri, 28 Jun 2013 07:39:35 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1UsXxd-0001Tv-Q6 for ding@lists.math.uh.edu; Fri, 28 Jun 2013 07:39:33 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1UsXxc-0000OE-7e for ding@lists.math.uh.edu; Fri, 28 Jun 2013 07:39:33 -0500 Original-Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1UsXxa-0000Ux-DQ for ding@gnus.org; Fri, 28 Jun 2013 14:39:30 +0200 Original-Received: from compute4.internal (compute4.nyi.mail.srv.osa [10.202.2.44]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id A748220ECD; Fri, 28 Jun 2013 08:39:27 -0400 (EDT) Original-Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute4.internal (MEProxy); Fri, 28 Jun 2013 08:39:28 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=from:to:cc:subject:references:date :in-reply-to:message-id:mime-version:content-type; s=smtpout; bh=nEukR6VORx1a5lp423zpNnpXnB8=; b=Y/0Logp5Vyp1I/8i8ilWMwMJKowv cd2HE1GSGmn3Kva5MjRjUrtAzinVHrbZxzr+8X+b/lglFa8P3AaShPH57V6Dmm3l hwGbeBHYXYP3SkBBYpNLKPppf/lvqVytoZCKILoYMEC6kmCDR5JXZe8JxhmIH6zL 5ASYgUNqiIVfnZI= X-Sasl-enc: 85hyTqhis1v/tPY7cmrbQyCljiQRmY09U/UFIt+fYULy 1372423167 Original-Received: from thinkpad.tsdh.de (unknown [91.67.9.30]) by mail.messagingengine.com (Postfix) with ESMTPA id 397FCC00E81; Fri, 28 Jun 2013 08:39:27 -0400 (EDT) Mail-Followup-To: "Herbert J. Skuhra" , ding@gnus.org In-Reply-To: <87li5vf9o2.wl%hskuhra@eumx.net> (Herbert J. Skuhra's message of "Fri, 28 Jun 2013 00:53:01 +0200") User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) X-Spam-Score: -2.9 (--) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:83424 Archived-At: "Herbert J. Skuhra" writes: >> When the client (Emacs) and the server negotiate to 1024, for >> instance, everything is kosher. They will try for the highest >> number. > > Will they? > > With gnutls-min-prime-bits = 256: > > gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange > has been lowered to 256 bits and this may allow decryption of the session data > > With gnutls-min-prime-bits = 512: > > gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange > has been lowered to 512 bits and this may allow decryption of the session data > > The warning is gone if value is >= 768 or nil. Same here, so it looks like it's the other way round: they seem to negotiate the lowest number of prime bits the client is willing to accept. Or well, possibly servers can be configured to do it that way, cause I think I got that warning not with all IMAP servers I'm using. Bye, Tassilo