Re: Network Security Manager warns safe renegotiation is not supported
From: Robert Pluim
Subject: Re: Network Security Manager warns safe renegotiation is not supported
Date: Thu, 05 Sep 2019 11:38:41 +0200
>>>>> On Thu, 5 Sep 2019 09:53:08 +0200, "Herbert J. Skuhra"
>>>>> <herbert@gojira.at> said:
Herbert> On Thu, Sep 05, 2019 at 08:51:23AM +0200, Robert Pluim wrote:
>> >>>>> On Sun, 01 Sep 2019 12:37:10 -0400, Amin Bandali <bandali@gnu.org> said:
Amin> I’m no security expert, but I don’t think that’s a good idea. Setting
Amin> `gnutls-algorithm-priority' to that value basically tells GnuTLS to skip
Amin> TLS1.3 altogether, which is the latest version of the TLS protocol.
>>
Amin> The issue seems to be that nsm.el checks for renegotiation_info[1] for
Amin> TLS1.3 connections as well; but if I understand correctly, renegotiation
Amin> was removed from TLS1.3, according to [2] and [3]. I *think* the proper
Amin> way to fix this would be to have nsm *not* check for renegotiation-info-ext
Amin> for TLS1.3 connections. Please don’t take my word for this as, again,
Amin> I’m no security/GnuTLS expert. Hopefully others with more knowledge can
Amin> chime in to clarify.
>>
>> Correct. Fixed in emacs-master.
Herbert> Hi,
Herbert> I am still getting:
Herbert> Certificate information
Herbert> Issued by: Let's Encrypt Authority X3
Herbert> Issued to: CN=elpa.gnu.org
Herbert> Hostname: elpa.gnu.org
Herbert> Public key: RSA, signature: RSA-SHA256
Herbert> Session: TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
Herbert> Security level: Medium
Herbert> Valid: From 2019-08-07 to 2019-11-05
Herbert> The TLS connection to elpa.gnu.org:443 is insecure
Herbert> for the following reason:
Herbert> * safe renegotiation is not supported, connection not protected from
Herbert>   impersonators
When did you rebuild emacs? 95becaaf3b went in last night.
Robert
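
The check discussed in this thread, sketched as an added example that is not part of the original message and is not code from Emacs, nsm.el or GnuTLS: it parses a ServerHello body and reports a missing renegotiation_info extension (RFC 5746) only when the negotiated version is below TLS 1.3. The function names and the three sample messages are constructed for illustration.

```python
import struct

EXT_SUPPORTED_VERSIONS = 0x002B   # RFC 8446: carries the real version in TLS 1.3
EXT_RENEGOTIATION_INFO = 0xFF01   # RFC 5746: secure renegotiation indication
TLS13 = 0x0304

def parse_server_hello(body: bytes):
    """Return (negotiated_version, {ext_type: ext_data}) for a ServerHello body."""
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                   # legacy_version + random
    pos += 1 + body[34]            # session id length byte + session id
    pos += 2 + 1                   # cipher suite + compression method
    exts = {}
    if pos < len(body):            # extensions block may be absent before TLS 1.3
        if pos + 2 > len(body):
            raise ValueError("truncated extensions length")
        (total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + total
        if end > len(body):
            raise ValueError("extensions overrun message")
        while pos < end:
            if pos + 4 > end:
                raise ValueError("truncated extension header")
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + elen > end:
                raise ValueError("truncated extension data")
            exts[etype] = body[pos:pos + elen]
            pos += elen
    selected = exts.get(EXT_SUPPORTED_VERSIONS)
    if selected is not None and len(selected) == 2:
        (version,) = struct.unpack("!H", selected)   # overrides legacy 0x0303
    return version, exts

def renegotiation_warning(body: bytes):
    """Return a warning string, or None when the check passes or does not apply."""
    version, exts = parse_server_hello(body)
    if version >= TLS13:
        return None                # renegotiation was removed from TLS 1.3
    if EXT_RENEGOTIATION_INFO not in exts:
        return "safe renegotiation is not supported"
    return None

def build_server_hello(exts):      # constructed sample input, not captured traffic
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x00" + b"\x00"
            + struct.pack("!H", len(blob)) + blob)

TLS13_HELLO = build_server_hello([(EXT_SUPPORTED_VERSIONS, b"\x03\x04")])
TLS12_SAFE = build_server_hello([(EXT_RENEGOTIATION_INFO, b"\x00")])
TLS12_UNSAFE = build_server_hello([])
```
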