GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Sat, 23 Jun 2018 10:39:02 UTC

Severity: normal

Tags: fixed, security

Found in version 27.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 31946 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: 31946 <at> debbugs.gnu.org, Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
Subject: Re: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 26 Jun 2018 11:27:34 +0200

Noam Postavsky <npostavs <at> gmail.com> writes:

>>>            "https://dh-small-subgroup.badssl.com/"        ;; fail
>>>            "https://dh-composite.badssl.com/"             ;; fail
>
> So these ones seem kind of problematic, as alluded to on emacs-devel.
> It doesn't look like gnutls has an API to get or check the value of the
> DH primes (calc-prime-test bails out when given a 1024 bit prime, so we
> definitely need library support for this).

But they may not that urgent, if I understand things correctly.  Current
Firefox, for instance, does not seem to warn about this.

We could get in touch with the gnutls maintainer and ask for his input
and perhaps ask for API endpoints to allow us to check for these things?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.