Bug#750094: Misleading warning
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jun 2 22:33:40 UTC 2014
over on https://bugs.debian.org/750094,
On 06/01/2014 10:01 AM, Juliusz Chroboczek wrote:
> Package: gnutls-bin
> Version: 3.2.14-1
>
> Try the following:
>
> gnutls-cli --dh-bits 256 --starttls -p 80 www.debian.org
>
> It prints the following warning:
>
> |<1>| Note that the security level of the Diffie-Hellman key exchange
> has been lowered to 256 bits and this may allow decryption of the
> session data
>
> This warning is printed before any TLS negotiation happens, so it does not
> reflect the parameters that were actually negotiated. The wording should
> be changed in order to make it clear that the actual negotiated parameters
> might be different.
this can be replicated without the --starttls or -p 80, just with:
gnutls-cli --dh-bits 256 www.debian.org
the warning happens before the TLS handshake happens.
I'm forwarding this to the gnutls-devel mailing list.
It seems to me there could be two different kinds of warnings:
0) a warning that the configuration has lowered the DH key exchange
strength and may cause weakness (what we're seeing here) -- Juliusz, can
you propose an alternate text for this warning?
1) a warning in the _gnutls_audit_log when the dh bits is *actually*
lower than whatever cutoff we deem to be absurdly unacceptable.
I worry a little bit about either warning, mainly because it seems to
imply that anything higher than 512 bits *won't* allow decryption of the
session data, which probably isn't the case for, say, a 513-bit group :P
Nikos, any thoughts on what makes sense to do here?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20140602/b836ca9e/attachment.sig>
More information about the Pkg-gnutls-maint
mailing list