emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Lars Ingebrigtsen
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 24 Jun 2018 14:53:36 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Jimmy Yuen Ho Wong <address@hidden> writes:

> Currently `network-security-level` 'high and above *only* checks for the case
> with prime bits < 1024. I can't fine tune the specific checks (very much
> necessary given Emacs' release cycle) in `network-security-level` to
> something like:
>
>     (setq gnutls-algorithm-priority
>           "SECURE192:+SECURE128:-VERS-ALL:+VERS-TLS1.2:%PROFILE_MEDIUM"
>           gnutls-min-prime-bits 2048)
>
> **AND** have NSM warn me if I'm presented a 3DES cert or a cert with a DH
> prime between 1024 and 2048.

Like I said in a different email, I'll be rewriting the checks to allow
the user to add as fine-grained checks as they want to the NSM via
something like:

(defvar network-security-tls-problems
        '((low-diffie-hellman-prime-bits medium)
          (rc4 low)
          (dh-small-subgroup high)))

But you'd leave the gnutls variables alone.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
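
An added illustration, not part of the original message or of Emacs's NSM code: one way a per-problem level table like the one sketched above could be evaluated against a connection's status. All `my/` names are hypothetical, the table entries and the sample status are constructed, and the `:cipher` and `:diffie-hellman-prime-bits` keys are assumed to match the plist returned by `gnutls-peer-status`.

```elisp
;; Added illustration; every my/ name is hypothetical, not an NSM symbol.
(require 'cl-lib)

(defvar my/tls-problems
  '((low-diffie-hellman-prime-bits medium)
    (rc4 low)
    (triple-des high))
  "Constructed table of (PROBLEM LEVEL) entries.
PROBLEM is reported when the active security level is LEVEL or stricter.")

(defconst my/levels '(low medium high paranoid)
  "Security levels in increasing order of strictness.")

(defun my/level>= (a b)
  "Return non-nil if level A is at least as strict as level B."
  (>= (cl-position a my/levels) (cl-position b my/levels)))

(defun my/problem-present-p (problem status)
  "Return non-nil if PROBLEM applies to the connection STATUS plist."
  (let ((cipher (or (plist-get status :cipher) ""))
        (bits (plist-get status :diffie-hellman-prime-bits)))
    (pcase problem
      ;; Only meaningful when a DH key exchange reported a prime size.
      ('low-diffie-hellman-prime-bits (and bits (< bits 2048)))
      ('rc4 (string-match-p "ARCFOUR\\|RC4" cipher))
      ('triple-des (string-match-p "3DES" cipher)))))

(defun my/tls-warnings (status level)
  "Return the problems found in STATUS that should be reported at LEVEL."
  (let (found)
    (pcase-dolist (`(,problem ,min-level) my/tls-problems)
      (when (and (my/level>= level min-level)
                 (my/problem-present-p problem status))
        (push problem found)))
    (nreverse found)))

;; Constructed sample status: a 3DES cipher and a 1536-bit DH prime,
;; i.e. the "between 1024 and 2048" case from the quoted message.
(let ((status '(:cipher "3DES-CBC" :diffie-hellman-prime-bits 1536)))
  (dolist (level my/levels)
    (message "%-8s -> %S" level (my/tls-warnings status level))))
```

Because the table only decides what gets reported, the GnuTLS priority string and `gnutls-min-prime-bits` are never touched by this logic.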


