Hello again list, I am continuing experimenting with GnuTLS. I have written a client and a server that perform anonymous (ANON-DH) TLS negotiation.

I successfully connected to a gnutls-serv --http --priority "NORMAL: +ANON-DH" instance. When I tried to connect to my own server (which is mostly an example from the documentation) I got the following error:

> GNUTLS ERROR: The Diffie Hellman prime sent by the server is not
> acceptable (not long enough).

So I manually set the Diffie Hellman prime bits in the server to 1024 and in the client to 1023 (gnutls_dh_set_prime_bits (session, DH_BITS)) - with no effect. Still the same error. I also tried to set the DH prime bits in the server to 2048. The server needed longer to start up after this change, so I guess that took effect.

I then set the DH prime bits in the client to 0 and in the server to 1024. Now I can connect.

Output of server:

> [EMAIL PROTECTED] Debug]$ ./GNUTLSTest-Server
> Server ready. Listening to port '5556'.
>
> - Anonymous DH using prime of -50 bits
> - connection from 112.93.99.0, port 50879
> - Handshake was completed
>
> - Peer has closed the GNUTLS connection

Output of client:

> [EMAIL PROTECTED] Debug]$ ./GNUTLSTest
> - Anonymous DH using prime of 8 bits
> - Handshake was completed
> - Received 22 bytes: hello, this is a test!

Notice the "Anonymous DH using prime of -50 bits". This is the output of gnutls_dh_get_prime_bits(session). No change wherever I place the output in the source code or what I set DH_BITS to. I guess a DH prime of 8 bits will not provide strong encryption, right? ;)

Could you please help me with that?

So long
Lennart

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls