(I know the function is deprecated in a recent 3.x, but this is a general behavior question.)

Emacs users are wondering about the negotiation behavior with the DH minimum bits. Currently Emacs uses `gnutls_dh_set_prime_bits' and the users can set it very low, 256 for instance. We understand that's insecure, but want to know about the negotiation: can it go up? Are there any rules? Some IMAP servers, for instance, refuse to connect if it's over 256 (the full story is in an Emacs bug discussion).

I looked around but the best I could find was an SSH-related RFC that discusses this negotiation. I would appreciate some information regarding the behavior of GnuTLS (and possibly OpenSSL and others, as a comparison).

Ted
