Bug#750094: Misleading warning
Juliusz Chroboczek
jch at pps.univ-paris-diderot.fr
Sun Jun 1 14:01:27 UTC 2014
Package: gnutls-bin
Version: 3.2.14-1
Try the following:
gnutls-cli --dh-bits 256 --starttls -p 80 www.debian.org
It prints the following warning:
|<1>| Note that the security level of the Diffie-Hellman key exchange
has been lowered to 256 bits and this may allow decryption of the
session data
This warning is printed before any TLS negotiation happens, so it does not
reflect the parameters that were actually negotiated. The wording should
be changed in order to make it clear that the actual negotiated parameters
might be different.
-- Juliusz
More information about the Pkg-gnutls-maint
mailing list