This was discussed upstream in <http://article.gmane.org/gmane.network.gnutls.general/3667> and according to <http://article.gmane.org/gmane.network.gnutls.general/3669> should not be an issue in 3.3.x:
Quoting Nikos Mavrogiannopoulos:
|
| On Mon, 2014-11-10 at 11:48 -1000, Daniel Kahn Gillmor wrote:
| >> After some debugging it turns out that the failing criteria is that
| >> multiple of 64 bits requirement[1]. For some reason I've gotten a 1023
| >> bit prime, even though I called gnutls_dh_params_generate2() with 1024
| >> as the argument.
| > ugh. Java is at fault here -- there's no sense in this particular
| > severe limitation. if they're willing to use 512-bit DHE parameters and
| > 1024-bit DHE parameters, they should be willing to use 1023-bit DHE
| > parameters.
|
| That's indeed quite some arbitrary limitation.
|
| > That said, i suppose it's possible that gnutls could always ensure that
| > the high bit is set when generating a prime of a given size.
|
| That should be the case in gnutls 3.3.x. That version delegates to
| nettle the DH parameter generation and nettle seems to be more precise.

--
https://bugs.launchpad.net/bugs/1463147

Title:
  gnutls_dh_params_generate2 generates short primes
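An added example, not part of the original message or of GnuTLS: a Python check that reads the prime from a PKCS#3 `DH PARAMETERS` PEM block and reports the two conditions discussed in the thread, a prime shorter than the requested size and a length that is not a multiple of 64 bits. The function names and the sample parameters are assumptions made for illustration; the sample integers only have the right bit lengths and are not real primes.

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_from_pem(pem):
    """Return the prime p from a PKCS#3 'DH PARAMETERS' PEM block."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    tag, seq, _ = _tlv(base64.b64decode(b64), 0)
    ptag, p_bytes, _ = _tlv(seq, 0)
    if (tag, ptag) != (0x30, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER prime, ... }")
    return int.from_bytes(p_bytes, "big")

def check_dh_prime(p, requested_bits):
    """List the size problems the thread describes; an empty list means OK."""
    bits, problems = p.bit_length(), []
    if bits != requested_bits:
        problems.append(f"prime is {bits} bits, {requested_bits} requested")
    if bits % 64:
        problems.append(f"{bits} bits is not a multiple of 64")
    return problems

# --- constructed sample input (odd integers of the right length, NOT real primes) ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _der_int(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")   # extra 0x00 when top bit is set
    return b"\x02" + _der_len(len(raw)) + raw

def make_sample_pem(p, g=2):
    body = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(body)) + body
    return ("-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode()
            + "-----END DH PARAMETERS-----\n")

SHORT = make_sample_pem((1 << 1022) | 1)   # 1023 bits: high bit of a 1024-bit field clear
FULL = make_sample_pem((1 << 1023) | 1)    # 1024 bits: high bit set
```

Calling `check_dh_prime(dh_prime_from_pem(pem_text), 1024)` on generated parameters before deploying them flags a short prime without needing a Java client to fail first.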
