On 2012-05-21 01:34, Janne Snabb wrote: > Maybe NSS is unable to create/use bigger keys than 2048 bits?
I found the actual limit in NSS sources in mozilla/security/nss/lib/freebl/blapit.h: #define DH_MAX_P_BITS 2236 Thus DHE keys up to 2236 bits do work, but longer keys cause the observed failure. Previously the limit was 1024 bits but it was increased to 2236 some years ago, see the discussion at: https://bugzilla.mozilla.org/show_bug.cgi?id=259229 The limit is documented here: https://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html It is also mentioned in the following interesting discussion: http://sourceforge.net/mailarchive/forum.php?thread_name=4C81BB9E.9010808%40iang.org&forum_name=ssllabs-discuss Something like the patch below might be needed. Disgusting :(. --- src/src/tls-gnu.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 51fdb86..3a1cf61 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -395,6 +395,15 @@ DEBUG(D_tls) dh_bits); #endif +/* NSS has a limit on D-H ephemeral key size: */ +#define NSS_DH_MAX_P_BITS 2236 +if (dh_bits > NSS_DH_MAX_P_BITS) { + dh_bits = NSS_DH_MAX_P_BITS; +DEBUG(D_tls) + debug_printf("Clamping D-H PK size to %d bits to workaround NSS limit.\n", + dh_bits); +} + if (!string_format(filename, sizeof(filename), "%s/gnutls-params-%d", spool_directory, dh_bits)) return tls_error(US"overlong filename", NULL, NULL); -- 1.7.9.5 -- Janne Snabb / EPIPE Communications [email protected] - http://epipe.com/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
