bug#19284: 25.0.50; tls.el uses option --insecure

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19284: 25.0.50; tls.el uses option --insecure

From:	Jens Lechtenboerger
Subject:	bug#19284: 25.0.50; tls.el uses option --insecure
Date:	Fri, 05 Dec 2014 20:43:09 +0100
User-agent:	Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

This is a followup to bug#16978, where I reported multiple MITM
issues.

tls.el calls gnutls-cli with option --insecure.

As Emacs applies TOFU by default via nsm.el (great work, many
thanks!), the above is dangerous.  I continue to use the following:
(setq tls-program '("gnutls-cli --strict-tofu -p %p %h"))

I’m not sure under what conditions tls.el is necessary.  Is it?

Best wishes
Jens

[Prev in Thread]

Current Thread

[Next in Thread]

bug#19284: 25.0.50; tls.el uses option --insecure, Jens Lechtenboerger <=

Prev by Date: bug#19283: 25.0.50; imap.el with man-in-the-middle vulnerability
Next by Date: bug#19283: 25.0.50; imap.el with man-in-the-middle vulnerability
Previous by thread: bug#19283: 25.0.50; imap.el with man-in-the-middle vulnerability
Next by thread: bug#19285: 24.4; ruby-imenu-create-index-in-block gets confused by regular expression in source code
Index(es):
- Date
- Thread