[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#31946: 27.0.50; The NSM should warn about more TLS problems
From: |
Lars Ingebrigtsen |
Subject: |
bug#31946: 27.0.50; The NSM should warn about more TLS problems |
Date: |
Sat, 23 Jun 2018 12:38:03 +0200 |
This bug report is mostly just to remind myself, but if somebody else
wants to implement it -- go ahead. :-)
I meant to refactor the protocol checks in nsm.el so that they're more
easily extensible and also allow the user more fine-grained control of
what protocol issues they care about. Something like
(defvar network-security-tls-problems
'((low-diffie-hellman-prime-bits medium)
(rc4 low)
(dh-small-subgroup high)))
or something, and then a separate function for each of these tests to
avoid an ever-growing huge function with a `cond' in it, and also allow
users to add their own tests.
---
There are also more protocol stuff we should warn about on various
levels. These should be on `high':
> "https://3des.badssl.com/" ;; fail
> "https://mozilla-old.badssl.com/" ;; fail
> "https://dh-small-subgroup.badssl.com/" ;; fail
> "https://dh-composite.badssl.com/" ;; fail
> "https://invalid-expected-sct.badssl.com/" ;; fail, a bit
> concerning
These should be on `medium':
> "https://dh480.badssl.com/" ;; fail
> "https://dh512.badssl.com/" ;; fail
In GNU Emacs 27.0.50 (build 20, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
of 2018-05-19 built on stories
Repository revision: f4d9fd3dd45f767eca33fbf1beee40da790fa74e
Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
System Description: Debian GNU/Linux 9 (stretch)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- bug#31946: 27.0.50; The NSM should warn about more TLS problems,
Lars Ingebrigtsen <=