help-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network Security Manager warns safe renegotiation is not supported

From: Robert Pluim
Subject: Re: Network Security Manager warns safe renegotiation is not supported
Date: Thu, 05 Sep 2019 08:51:23 +0200 
>>>>> On Sun, 01 Sep 2019 12:37:10 -0400, Amin Bandali <bandali@gnu.org> said:
    Amin> I’m no security expert, but I don’t think that’s a good idea.  Setting
    Amin> `gnutls-algorithm-priority' to that value basically tells GnuTLS to 
skip
    Amin> TLS1.3 altogether, which is the latest version of the TLS protocol.

    Amin> The issue seems to be that nsm.el checks for renegotiation_info[1] for
    Amin> TLS1.3 connections as well; but if I understand correctly, 
renegotiation
    Amin> was removed from TLS1.3, according to [2] and [3].  I *think* the 
proper
    Amin> way to fix this would be have nsm *not* check for 
renegotiation-info-ext
    Amin> for TlS1.3 connections.  Please don’t take my word for this as, again,
    Amin> I’m no security/GnuTLS expert.  Hopefully others with more knowledge 
can
    Amin> chime in to clarify.

Correct. Fixed in emacs-master.

Robert
reply via email to
[Prev in Thread] Current Thread [Next in Thread]