bug#31946: 27.0.50; The NSM should warn about more TLS problems

[Lars Ingebrigtsen]

This bug report is mostly just to remind myself, but if somebody else
wants to implement it -- go ahead.  :-)

I meant to refactor the protocol checks in nsm.el so that they're more
easily extensible and also allow the user more fine-grained control of
what protocol issues they care about.  Something like

(defvar network-security-tls-problems
        '((low-diffie-hellman-prime-bits medium)
          (rc4 low)
          (dh-small-subgroup high)))

or something, and then a separate function for each of these tests to
avoid an ever-growing huge function with a `cond' in it, and also allow
users to add their own tests.

---

There are also more protocol stuff we should warn about on various
levels.  These should be on `high':


>            "https://3des.badssl.com/"                     ;; fail
>            "https://mozilla-old.badssl.com/"              ;; fail
>            "https://dh-small-subgroup.badssl.com/"        ;; fail
>            "https://dh-composite.badssl.com/"             ;; fail
>            "https://invalid-expected-sct.badssl.com/"     ;; fail, a bit
> concerning

These should be on `medium':

>            "https://dh480.badssl.com/"                    ;; fail
>            "https://dh512.badssl.com/"                    ;; fail



In GNU Emacs 27.0.50 (build 20, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
 of 2018-05-19 built on stories
Repository revision: f4d9fd3dd45f767eca33fbf1beee40da790fa74e
Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
System Description: Debian GNU/Linux 9 (stretch)


-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no