On Mon, 2014-12-15 at 05:57 +0200, Yan Fiz wrote:
> $ certtool --generate-dh-params --bits 4096 --outfile server.p3
> --debug 9999
> Setting log level to 9999
> ** Note: Please use the --sec-param instead of --bits
> Generating DH parameters (4096 bits)...
> (might take long time)

Unfortunately that is a known issue in the 3.3.x release. You will need
nettle-2.7.1 with the attached patch in order to generate
parameters larger than 3072 bits. I'll send that patch to the nettle
maintainer, but I find it unlikely to have a new 2.7.x release.

regards,
Nikos

From c7ef2843dfca566fc67e6c8ffb601a05a60d24d9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <[email protected]>
Date: Tue, 16 Dec 2014 12:56:34 +0100
Subject: [PATCH] allow the usage of arbitrary q_bits sizes in DSA key
 generation

---
 dsa-keygen.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dsa-keygen.c b/dsa-keygen.c
index 1b84e49..65ad80f 100644
--- a/dsa-keygen.c
+++ b/dsa-keygen.c
@@ -61,7 +61,8 @@ dsa_generate_keypair(struct dsa_public_key *pub,
 	return 0;
       break;
     default:
-      return 0;
+      if (q_bits < 160)
+        return 0;
     }
 
   mpz_init (p0);
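Review bot: In the default: branch the new test only rejects q_bits < 160, so every value not matched by an earlier case now goes on to key generation with no upper bound. Consider bounding q_bits from above as well (for example relative to the size of the prime being generated), or state in the function's documentation that the caller must ensure a sensible q_bits. A short comment on why 160 is the floor would help, since this reverses the previous behaviour of rejecting all unlisted sizes. As a style point, the branch now falls off the end of the switch without a break;, unlike the case just above it.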
-- 
2.1.0

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help