9 Jul 14:11
How to correctly set Diffie Hellman prime bits?
From: Lennart Koopmann <lennart <at> scopeport.org>
Subject: How to correctly set Diffie Hellman prime bits?
Newsgroups: gmane.network.gnutls.general
Date: 2008-07-09 12:15:36 GMT

Hello again list,

I am continuing experimenting with GNUTLS. I have written a client and a server that perform anonymous (ANON-DH) TLS negotiation. I successfully connected to a gnutls-serv --http --priority "NORMAL: +ANON-DH" instance.

When I tried to connect to my own server (which is mostly an example from the documentation) I got the following error:

> GNUTLS ERROR: The Diffie Hellman prime sent by the server is not
> acceptable (not long enough).

So I manually set the Diffie Hellman prime bits in the server to 1024 and in the client to 1023 (gnutls_dh_set_prime_bits (session, DH_BITS)) - with no effect. Still the same error.

I also tried to set the DH prime bits in the server to 2048. The server needed longer to start up after this change, so I guess that took effect.

I then set the DH prime bits in the client to 0 and in the server to 1024. Now I can connect:

Output of server:

> [lennart <at> sundaysister Debug]$ ./GNUTLSTest-Server
> Server ready. Listening to port '5556'.
>
> - Anonymous DH using prime of -50 bits
> - connection from 112.93.99.0, port 50879
> - Handshake was completed