From 4f32cc6c579a7cad630732643088e89ed3868b53 Mon Sep 17 00:00:00 2001
From: Chong Yidong
Date: Wed, 16 May 2012 10:49:19 +0800
Subject: * net/gnutls.el (gnutls-min-prime-bits): Improve docstring.
---
 lisp/ChangeLog | 4 ++++
 lisp/net/gnutls.el | 10 +++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index b4428860cb3..9a668fa2704 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,7 @@
+2012-05-16 Chong Yidong
+
+ * net/gnutls.el (gnutls-min-prime-bits): Improve docstring.
+
 2012-05-15 Chong Yidong
 * help.el (describe-mode): Doc fix.
diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 92400730f56..a306384c775 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -67,9 +67,13 @@ The files may not exist, in which case they will be ignored."
 ;;;###autoload
 (defcustom gnutls-min-prime-bits 256
- "Minimum number of bits to be used in Diffie-Hellman key exchange.
-During a client-server handshake, if the server sends a prime
-with fewer than this number of bits, the handshake will fail.
+ ;; Several mail servers send fewer bits than the GnuTLS default.
+ ;; Currently, 256 appears to be a reasonable choice (Bug#11267).
+ "Minimum number of prime bits accepted by GnuTLS for key exchange.
+During a Diffie-Hellman handshake, if the server sends a prime
+number with fewer than this number of bits, the handshake is
+rejected. \(The smaller the prime number, the less secure the
+key exchange is against man-in-the-middle attacks.)
 A value of nil says to use the default GnuTLS value."
 :type '(choice (const :tag "Use default value" nil)
-- cgit v1.2.1
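Review bot: The new comment and docstring in the `gnutls-min-prime-bits` hunk never tell the user that the unchanged default of 256 is an interoperability compromise that apparently sits below the GnuTLS default; the comment calls it "a reasonable choice", but a Diffie-Hellman prime that small gives very little protection. The parenthetical also names only man-in-the-middle attacks, while a weak prime equally lets a passive eavesdropper who records the session recover the key. I would reword the parenthetical to `\(The smaller the prime, the easier it is for an eavesdropper or man-in-the-middle to recover the session key.)` and add a docstring sentence such as `The default is lower than the GnuTLS default for compatibility with some mail servers; set this to nil or a larger value for stronger security.` The `defcustom` form continues past the end of the hunk, so its remaining keywords are not visible here.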