diff options
author | Chong Yidong <cyd@gnu.org> | 2012-05-16 10:49:19 +0800 |
---|---|---|
committer | Chong Yidong <cyd@gnu.org> | 2012-05-16 10:49:19 +0800 |
commit | 4f32cc6c579a7cad630732643088e89ed3868b53 (patch) | |
tree | 0704ecd2235200818147c3604d33f919682b42e8 /lisp | |
parent | ccbf309ce0aa34ef55405945ed29db41250aa34e (diff) | |
download | emacs-4f32cc6c579a7cad630732643088e89ed3868b53.tar.gz emacs-4f32cc6c579a7cad630732643088e89ed3868b53.tar.bz2 emacs-4f32cc6c579a7cad630732643088e89ed3868b53.zip |
* net/gnutls.el (gnutls-min-prime-bits): Improve docstring.
Diffstat (limited to 'lisp')
-rw-r--r-- | lisp/ChangeLog | 4 | ||||
-rw-r--r-- | lisp/net/gnutls.el | 10 |
2 files changed, 11 insertions, 3 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog index b4428860cb3..9a668fa2704 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,7 @@ +2012-05-16 Chong Yidong <cyd@gnu.org> + + * net/gnutls.el (gnutls-min-prime-bits): Improve docstring. + 2012-05-15 Chong Yidong <cyd@gnu.org> * help.el (describe-mode): Doc fix. diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 92400730f56..a306384c775 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -67,9 +67,13 @@ The files may not exist, in which case they will be ignored." ;;;###autoload (defcustom gnutls-min-prime-bits 256 - "Minimum number of bits to be used in Diffie-Hellman key exchange. -During a client-server handshake, if the server sends a prime -with fewer than this number of bits, the handshake will fail. + ;; Several mail servers send fewer bits than the GnuTLS default. + ;; Currently, 256 appears to be a reasonable choice (Bug#11267). + "Minimum number of prime bits accepted by GnuTLS for key exchange. +During a Diffie-Hellman handshake, if the server sends a prime +number with fewer than this number of bits, the handshake is +rejected. \(The smaller the prime number, the less secure the +key exchange is against man-in-the-middle attacks.) A value of nil says to use the default GnuTLS value." :type '(choice (const :tag "Use default value" nil) |