GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Sat, 23 Jun 2018 10:39:02 UTC

Severity: normal

Tags: fixed, security

Found in version 27.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Noam Postavsky <npostavs <at> gmail.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 31946 <at> debbugs.gnu.org, Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Mon, 25 Jun 2018 21:23:16 -0400

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> There are also more protocol stuff we should warn about on various
> levels.  These should be on `high':

>>            "https://dh-small-subgroup.badssl.com/"        ;; fail
>>            "https://dh-composite.badssl.com/"             ;; fail

So these ones seem kind of problematic, as alluded to on emacs-devel.
It doesn't look like gnutls has an API to get or check the value of the
DH primes (calc-prime-test bails out when given a 1024 bit prime, so we
definitely need library support for this).

https://lists.gnu.org/archive/html/emacs-devel/2018-06/msg00805.html
https://lists.gnu.org/archive/html/emacs-devel/2018-06/msg00807.html

This bug report was last modified 5 years and 327 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #31946 27.0.50; The NSM should warn about more TLS problems

GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems