GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems
Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>
Date: Sat, 23 Jun 2018 10:39:02 UTC
Severity: normal
Tags: fixed, security
Found in version 27.0.50
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
This bug report is mostly just to remind myself, but if somebody else
wants to implement it -- go ahead. :-)
I meant to refactor the protocol checks in nsm.el so that they're more
easily extensible and also allow the user more fine-grained control of
what protocol issues they care about. Something like
  (defvar network-security-tls-problems
    '((low-diffie-hellman-prime-bits medium)
      (rc4 low)
      (dh-small-subgroup high)))
or something, and then a separate function for each of these tests to
avoid an ever-growing huge function with a `cond' in it, and also allow
users to add their own tests.
---
There is also more protocol stuff we should warn about on various
levels. These should be on `high':
> "https://3des.badssl.com/" ;; fail
> "https://mozilla-old.badssl.com/" ;; fail
> "https://dh-small-subgroup.badssl.com/" ;; fail
> "https://dh-composite.badssl.com/" ;; fail
> "https://invalid-expected-sct.badssl.com/" ;; fail, a bit concerning
These should be on `medium':
> "https://dh480.badssl.com/" ;; fail
> "https://dh512.badssl.com/" ;; fail
In GNU Emacs 27.0.50 (build 20, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
of 2018-05-19 built on stories
Repository revision: f4d9fd3dd45f767eca33fbf1beee40da790fa74e
Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
System Description: Debian GNU/Linux 9 (stretch)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
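
The table-plus-one-function-per-check layout proposed in the report, as an added sketch that is not part of the original message or of nsm.el. Every `my-nsm-' name, the 1024-bit threshold, the cipher-name patterns and the sample status plist are assumptions made for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added sketch; every `my-nsm-' name is hypothetical, not part of nsm.el.
(require 'cl-lib)

(defvar my-nsm-levels '(low medium high paranoid)
  "Security levels, least strict first.")

(defvar my-nsm-tls-problems
  '((low-diffie-hellman-prime-bits medium)
    (rc4 low)
    (3des high))
  "List of (CHECK LEVEL); CHECK is implemented by `my-nsm-check--CHECK'.")

(defun my-nsm-check--low-diffie-hellman-prime-bits (status)
  "Return a warning string if STATUS reports a small Diffie-Hellman prime."
  (let ((bits (plist-get status :diffie-hellman-prime-bits)))
    ;; The 1024-bit threshold is an assumption made for this sketch.
    (when (and bits (< bits 1024))
      (format "Diffie-Hellman prime is only %d bits" bits))))

(defun my-nsm-check--rc4 (status)
  "Return a warning string if the cipher in STATUS is RC4."
  ;; Assumes RC4 appears as RC4 or ARCFOUR in the cipher name.
  (let ((cipher (plist-get status :cipher)))
    (when (and cipher (string-match-p "RC4\\|ARCFOUR" cipher))
      (format "RC4 cipher in use (%s)" cipher))))

(defun my-nsm-check--3des (status)
  "Return a warning string if the cipher in STATUS is 3DES."
  (let ((cipher (plist-get status :cipher)))
    (when (and cipher (string-match-p "3DES" cipher))
      (format "3DES cipher in use (%s)" cipher))))

(defun my-nsm-run-checks (status level)
  "Return a list of (CHECK . MESSAGE) for problems found in STATUS.
A check runs only when LEVEL is at least as strict as the check's level."
  (let ((rank (or (cl-position level my-nsm-levels)
                  (error "Unknown security level: %s" level)))
        problems)
    (dolist (entry my-nsm-tls-problems (nreverse problems))
      (let ((fn (intern-soft (format "my-nsm-check--%s" (car entry)))))
        ;; Entries without a matching function are skipped, not fatal.
        (when (and (fboundp fn)
                   (>= rank (cl-position (cadr entry) my-nsm-levels)))
          (let ((msg (funcall fn status)))
            (when msg (push (cons (car entry) msg) problems))))))))

;; Constructed sample status, shaped like a TLS peer-status plist.
(my-nsm-run-checks '(:diffie-hellman-prime-bits 512 :cipher "3DES-CBC")
                   'medium)
```

With this layout a user adds a test by defining one more `my-nsm-check--NAME' function and adding a (NAME LEVEL) entry to the list. At `medium' the sample call skips the 3DES check because that entry is listed at `high'.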
This bug report was last modified 5 years and 328 days ago.