On Mon, May 21, 2012 at 1:17 AM, Phil Pennock <[email protected]> wrote:
> On 2012-05-20 at 16:24 +0200, Nikos Mavrogiannopoulos wrote:
>> From what I can tell it is the client that for some reason terminates
>> the connection. What is the output on the client? Do you have a tcpdump
>> of the issue? Have you tried alternative priority strings than normal
>> [0]?
>>
>> [0].
>> http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html
>
> Janne Snabb has done better detective work than I and found that NSS has
> a hard-coded clamp on the number of DH bits used for ephemeral D-H and
> GnuTLS's return value from gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
> GNUTLS_SEC_PARAM_NORMAL) is over that limit.

That's very interesting. Our key sizes are according to recommendations
like ECRYPT [0]. What is the NSS limit? Did you report it to the NSS
people?

[0]. http://www.keylength.com/en/3/

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
