On Sun, Sep 01, 2013 at 07:24:24PM +0000, Viktor Dukhovni wrote:

> http://archives.neohapsis.com/archives/postfix/2013-09/0003.html
>
> Peer Heinlein reports that some Exim SMTP clients fail to establish
> a TLS session with Postfix SMTP servers because Exim enforces a
> minimum prime size of 2048-bits for MODP EDH.

On a related note, this is a problem with GnuTLS pushing the envelope too aggressively. Since the TLS protocol does not support negotiation of the DH parameters between client and server, client enforcement of strong DH parameters that exceed common practice is rather unwise.

Before TLS clients start being pedantic about key lengths in auxiliary algorithms, most server implementations need to be updated to implement said key lengths with corresponding SSL cipher-suites.

Looking at the source code of GnuTLS 3.2.4 (really master branch from "git" which is 3.2.4 plus some new code) I see that with GnuTLS priority strings the "Normal" security level defaults to a minimum DH bit length of 2432, which is perhaps sound cryptography, but poor engineering:

    typedef struct {
        const char *name;
        gnutls_sec_param_t sec_param;
        unsigned int bits;          /* security level */
        unsigned int pk_bits;       /* DH, RSA, SRP */
        unsigned int dsa_bits;      /* bits for DSA. Handled differently since
                                     * choice of key size in DSA is political.
                                     */
        unsigned int subgroup_bits; /* subgroup bits */
        unsigned int ecc_bits;      /* bits for ECC keys */
    } gnutls_sec_params_entry;

    static const gnutls_sec_params_entry sec_params[] = {
        {"Insecure",  GNUTLS_SEC_PARAM_INSECURE,    0,     0,    0,   0,   0},
        {"Export",    GNUTLS_SEC_PARAM_EXPORT,     42,   512,    0,   0,   0},
        {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK,  64,   727,    0,   0,   0},
        {"Weak",      GNUTLS_SEC_PARAM_WEAK,       72,  1008, 1024, 160, 160},
        {"Low",       GNUTLS_SEC_PARAM_LOW,        80,  1248, 2048, 160, 160},
        {"Legacy",    GNUTLS_SEC_PARAM_LEGACY,     96,  1776, 2048, 192, 192},
        {"Normal",    GNUTLS_SEC_PARAM_NORMAL,    112,  2432, 3072, 224, 224},
        {"High",      GNUTLS_SEC_PARAM_HIGH,      128,  3248, 3072, 256, 256},
        {"Ultra",     GNUTLS_SEC_PARAM_ULTRA,     256, 15424, 3072, 512, 512},
        {NULL, 0, 0, 0, 0, 0}
    };

-- 
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
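
Added example (not part of the original message, and not code from GnuTLS, Exim or Postfix): a client only learns the DH prime size when it parses the server's `ServerDHParams` (TLS 1.2 layout: `dh_p`, `dh_g`, `dh_Ys`, each with a 2-byte length prefix), so a minimum such as 2048 or 2432 bits can only be enforced by aborting the handshake. The function names and the sample blob are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Read one opaque<1..2^16-1> vector at *off; returns its length, 0 on error. */
static size_t read_vec16(const uint8_t *buf, size_t len, size_t *off,
                         const uint8_t **data) {
    if (len - *off < 2) return 0;
    size_t n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    if (n == 0 || n > len - *off - 2) return 0;   /* empty or truncated */
    *data = buf + *off + 2;
    *off += 2 + n;
    return n;
}

/* Bits in dh_p of a ServerDHParams blob (dh_p, dh_g, dh_Ys); -1 if malformed. */
int dh_prime_bits(const uint8_t *skx, size_t len) {
    const uint8_t *p, *g, *ys;
    size_t off = 0, plen = read_vec16(skx, len, &off, &p);
    if (!plen || !read_vec16(skx, len, &off, &g) ||
        !read_vec16(skx, len, &off, &ys))
        return -1;
    while (plen > 0 && *p == 0) { p++; plen--; }   /* skip zero padding */
    if (plen == 0) return -1;
    int bits = (int)(plen * 8);
    for (uint8_t top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Client-side policy: 1 = continue, 0 = abort handshake, -1 = malformed. */
int client_accepts(const uint8_t *skx, size_t len, int min_bits) {
    int bits = dh_prime_bits(skx, len);
    return bits < 0 ? -1 : bits >= min_bits;
}

/* Constructed sample: 0xFF filler as dh_p and dh_Ys (not a real prime), dh_g = 2. */
size_t make_sample_skx(uint8_t *out, size_t p_bytes) {
    memset(out, 0xFF, 2 * p_bytes + 7);
    out[0] = out[p_bytes + 5] = (uint8_t)(p_bytes >> 8);
    out[1] = out[p_bytes + 6] = (uint8_t)p_bytes;
    memcpy(out + 2 + p_bytes, "\x00\x01\x02", 3);
    return 2 * p_bytes + 7;
}

int main(void) {
    uint8_t skx[2 * 128 + 7];
    size_t n = make_sample_skx(skx, 128);   /* 1024-bit modulus */
    printf("%d bits: min 2048 -> %d, min 2432 -> %d\n", dh_prime_bits(skx, n),
           client_accepts(skx, n, 2048), client_accepts(skx, n, 2432));
    return 0;
}
```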