Variable: gnutls-min-prime-bits

gnutls-min-prime-bits is a customizable variable defined in gnutls.el.gz.

Value

nil

Documentation

Minimum number of prime bits accepted by GnuTLS for key exchange.

During a Diffie-Hellman handshake, if the server sends a prime number with fewer than this number of bits, the handshake is rejected. (The smaller the prime number, the less secure the key exchange is against man-in-the-middle attacks.)

A value of nil says to use the default GnuTLS value.

The default value of this variable is such that virtually any connection can be established, whether this connection can be considered cryptographically "safe" or not. However, Emacs network security is handled at a higher level via open-network-stream and the Network Security Manager. See Info node (emacs) Network Security.

This variable was added, or its default value changed, in Emacs 27.1.

Source Code

;; Defined in /usr/src/emacs/lisp/net/gnutls.el.gz
(defcustom gnutls-min-prime-bits nil
  "Minimum number of prime bits accepted by GnuTLS for key exchange.
During a Diffie-Hellman handshake, if the server sends a prime
number with fewer than this number of bits, the handshake is
rejected.  \(The smaller the prime number, the less secure the
key exchange is against man-in-the-middle attacks.)

A value of nil says to use the default GnuTLS value.

The default value of this variable is such that virtually any
connection can be established, whether this connection can be
considered cryptographically \"safe\" or not.  However, Emacs
network security is handled at a higher level via
`open-network-stream' and the Network Security Manager.  See Info
node `(emacs) Network Security'."
  :type '(choice (const :tag "Use default value" nil)
                 (integer :tag "Number of bits" 2048))
  :version "27.1")
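
Added example (not part of gnutls.el or the Emacs manual): the nil default beside a stricter setting, plus a helper that audits a peer-status plist, of the kind `gnutls-peer-status' returns, for an undersized Diffie-Hellman prime. The `my/' names and the sample plists are constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; not code from gnutls.el.

;; Default: nil defers to the GnuTLS library's own minimum.
;; (setq gnutls-min-prime-bits nil)

;; Stricter: GnuTLS rejects the handshake when the server's DH prime
;; is shorter than 2048 bits (the value suggested by the :type above).
(setq gnutls-min-prime-bits 2048)

(defun my/dh-prime-verdict (status min-bits)
  "Classify TLS peer STATUS against MIN-BITS.
STATUS is a plist shaped like the return value of `gnutls-peer-status'.
Return `not-dhe' when the session did not use finite-field DHE (or
reports no prime size), `weak' when the prime is shorter than
MIN-BITS, and `ok' otherwise."
  (let ((kx   (plist-get status :key-exchange))
        (bits (plist-get status :diffie-hellman-prime-bits)))
    (cond
     ;; Anchor at the start so "ECDHE-RSA" is not mistaken for DHE.
     ((not (and (stringp kx)
                (string-match-p "\\`DHE\\b" kx)
                (integerp bits)))
      'not-dhe)
     ((< bits min-bits) 'weak)
     (t 'ok))))

;; Constructed sample statuses (not captured from real servers).
(defvar my/sample-statuses
  '(("legacy.example.invalid"
     (:key-exchange "DHE-RSA" :diffie-hellman-prime-bits 1024))
    ("modern.example.invalid"
     (:key-exchange "DHE-RSA" :diffie-hellman-prime-bits 3072))
    ("ecdhe.example.invalid"
     (:key-exchange "ECDHE-RSA")))
  "Hypothetical hosts paired with constructed peer-status plists.")

(defun my/audit-sample-statuses (&optional min-bits)
  "Return an alist of (HOST . VERDICT) for `my/sample-statuses'.
MIN-BITS defaults to `gnutls-min-prime-bits', or 2048 when that is nil."
  (let ((min (or min-bits gnutls-min-prime-bits 2048)))
    (mapcar (lambda (entry)
              (cons (car entry)
                    (my/dh-prime-verdict (cadr entry) min)))
            my/sample-statuses)))

;; For a live TLS process PROC, pass (gnutls-peer-status PROC) as STATUS.
(dolist (row (my/audit-sample-statuses))
  (message "%-28s %s" (car row) (cdr row)))
```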