GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Full log

View this message in rfc822 format

From: Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 31946 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi <at> gnus.org>
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Thu, 28 Jun 2018 16:58:51 +0100

>
> So, the client side can't be patched, and the server side doesn't really
> need to be patched (just leave the "reuse ephemeral key" option turned
> off).
>

He's talking about GnuTLS servers, nobody uses GnuTLS on the
server-side, also GnuTLS' implementation of RFC 7919 doesn't seem to
be in 3.5.x branch.

A bit more update from my research, the authoritative list of browser
capabilities is actually https://www.ssllabs.com/ssltest/clients.html
. We can see that only IE and Opera still support DHE_RSA KX, and
these browsers don't matter as game changers.

Unless we plan to require GnuTLS 3.6+, we'll definitely need to warn
in the 'medium level. This is a super simple check.

> Furthermore, it seems gnutls has added support for standardized primes,
> so that pretty much resolves the issue as much as it can be:
>

WRT RFC 7919, IMO, it is dead on arrival, even when it is approved.
With DHE based ciphers removed in browsers, the only real options are
TLS 1.2/1.3 with ECDHE KX, and fall back to TLS 1.2 with RSA KX.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.