GNU bug report logs - #16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities

Previous Next

Package: emacs;

Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>

Date: Mon, 10 Mar 2014 07:00:02 UTC

Severity: important

Tags: fixed, security

Merged with 16193, 18600

Found in versions 24.3, 24.3.94

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #11 received at 16978 <at> debbugs.gnu.org (full text, mbox):

From: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 16978 <at> debbugs.gnu.org
Subject: Re: bug#16978: 24.3;
 SSL/TLS with multiple man-in-the-middle vulnerabilities
Date: Tue, 11 Mar 2014 18:04:25 +0100

On Mo, Mar 10 2014, Glenn Morris wrote:

> Please see http://debbugs.gnu.org/13374

I wasn't aware of that, sorry.

I'm now on GNU Emacs 24.3.50.1.  I can't get gnutls-verify-error to
work.  So far I only tried that with NNTPS, not SMTP.  If I set
gnutls-verify-error to t, the TCP connection to port 563 is closed
immediately (on the wire I see FIN/ACK immediately after the
three-way handshake; no TLS related data at all).
Afterwards, the server is shown as offline in the server buffer.
gnus-server-open-server fails as long as gnutls-verify-error is t.

imap.el is still using openssl's s_client.

tls.el is still using the switch --insecure for gnutls-cli.

Best wishes
Jens

This bug report was last modified 10 years and 179 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #16978 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities

GNU bug report logs - #16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities