On 2012-05-21 01:34, Janne Snabb wrote:
> Maybe NSS is unable to create/use bigger keys than 2048 bits?
I found the actual limit in NSS sources in
mozilla/security/nss/lib/freebl/blapit.h:
#define DH_MAX_P_BITS 2236
Thus DHE keys up to 2236 bits do work, but longer keys cause the
observed failure.
Previously the limit was 1024 bits but it was increased to 2236 some
years ago, see the discussion at:
https://bugzilla.mozilla.org/show_bug.cgi?id=259229
The limit is documented here:
https://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html
It is also mentioned in the following interesting discussion:
http://sourceforge.net/mailarchive/forum.php?thread_name=4C81BB9E.9010808%40iang.org&forum_name=ssllabs-discuss
Something like the patch below might be needed. Disgusting :(.
---
src/src/tls-gnu.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 51fdb86..3a1cf61 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -395,6 +395,15 @@ DEBUG(D_tls)
dh_bits);
#endif
+/* NSS has a limit on D-H ephemeral key size: */
+#define NSS_DH_MAX_P_BITS 2236
+if (dh_bits > NSS_DH_MAX_P_BITS) {
+ dh_bits = NSS_DH_MAX_P_BITS;
+DEBUG(D_tls)
+ debug_printf("Clamping D-H PK size to %d bits to workaround NSS
limit.\n",
+ dh_bits);
+}
+
if (!string_format(filename, sizeof(filename),
"%s/gnutls-params-%d", spool_directory, dh_bits))
return tls_error(US"overlong filename", NULL, NULL);
--
1.7.9.5
--
Janne Snabb / EPIPE Communications
snabb@??? -
http://epipe.com/
