emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security


From: Robert Pluim
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 09 Jul 2018 18:35:45 +0200

Jimmy Yuen Ho Wong <address@hidden> writes:

>>
>> > Users aren't supposed to care about that variable, anyway, since the NSM
>> > warns about less than 1024 bits...
>>
>> Yes, but what if GnuTLS bumps the default to more than that?  And even
>> if not, I think I might like to know how far below 1024 I'm going to
>> be if I allow the connection.
>
> I've surfaced the DH_PRIME_UNACCEPTABLE error from the handshake to
> the Lisp side here.
> https://github.com/wyuenho/emacs/commit/6c00758175b227338005533b27999435b33528d5
>
> I'm don't like this change to much. It's full of exceptions in the C
> code, and you still can't get the prime bits the server sent over,
> because gnutls_dh_get_prime_bits() only returns a prime bit if an
> actual DH key exchange was done. Since the handshake failed early as
> soon as the client found out the prime bits are too low, ciphers, mac
> and all the rest were not negotiated, so they are all NULL. You do at
> least get a warning that lets you know the prime bit is too low tho,
> and you can still proceed with this connection tho, but it wouldn't be
> very useful. Since the handshake failed, the result will be a plain
> HTTP request to an HTTPS port, of which the server will typically
> return with an HTTP 400.

Iʼd much rather we hard fail the connection here than proceed without
TLS.

> Perhaps it's simply better to let the user know that they can (setq
> gnutls-log-level 1) to log out the actual GnuTLS error message (which
> is still just prime bits too low without specifying a number)

Yes, that sounds like a good idea.

Robert



reply via email to

[Prev in Thread] Current Thread [Next in Thread]