[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min
|
From: |
Ted Zlatanov |
|
Subject: |
bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). |
|
Date: |
Tue, 11 Feb 2014 18:54:49 -0500 |
|
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Tue, 11 Feb 2014 16:49:06 -0600 "Roland Winkler" <winkler@gnu.org> wrote:
RW> On Tue Feb 11 2014 Ted Zlatanov wrote:
>> So my proposal is simply to provide two buttons "allow host X to
>> connect with lower DHE security [temporarily] [permanently]" and
>> when the button is clicked, customize `gnutls-algorithm-priority'
>> to allow DHE to that specific host.
>>
>> `gnutls-negotiate' has to be changed slightly and the connection
>> rejection from insecure hosts will need to be handled in gnutls.c
>> and gnutls.el.
>>
>> I think that's as seamless as we can make it, especially noting
>> that `gnutls-min-prime-bits' is deprecated since GnuTLS 3.1.7 (see
>> http://www.gnutls.org/manual/gnutls.html#index-gnutls_005fdh_005fset_005fprime_005fbits).
>>
>> If we provide that simple UI, plus some help messaging, I think we
>> can disable DHE by default. Based on Nikos' explanation, it seems
>> to be the best way forward.
RW> Whatever customizability will be provided (permanently or
RW> temporarily on the fly), I'd find it most important to have
RW> documentation that allows the user to put the choices into
RW> perspective. -- Is this feasible? Certainly, we cannot expect that
RW> the average user who is offered a pop-up menu with choices "allow
RW> host X to connect with lower DHE security [temporarily]
RW> [permanently]" that he can readily understand its implications and
RW> put it into perspective. (DHE security lower than what? Lower by
RW> how much? How insecure is that?)
I'm sure we can come up with more helpful messaging. Does it have
to fit in 78 chars? Can we use buttons? If so, it could be like this,
going over 78 but not too much:
!! remote host X requires lower security [OK once] [OK always] [Cancel] [?]
With the ? taking the user to more details: a help message or even the
relevant section of gnutls.texi
If we can use a multi-line message it becomes easier, certainly.
The buttons could instead be a simple (y,Y,n,?) prompt. But that could
be confusing to the inexperienced users we're trying to help.
I need some guidance :) I don't know if this has been implemented in
another part of Emacs or other packages.
Thanks
Ted
- bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, Ted Zlatanov, 2014/02/09
- bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, Lars Ingebrigtsen, 2014/02/09
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Ted Zlatanov, 2014/02/10
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Lars Ingebrigtsen, 2014/02/11
- bug#16253: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Nikos Mavrogiannopoulos, 2014/02/11
- bug#15057: bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Ted Zlatanov, 2014/02/11
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Roland Winkler, 2014/02/11
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).,
Ted Zlatanov <=
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Lars Ingebrigtsen, 2014/02/11
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough), Ted Zlatanov, 2014/02/12
- bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough)., Lars Ingebrigtsen, 2014/02/11