
Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 09 Jul 2018 19:57:48 +0300

> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Sun, 8 Jul 2018 20:22:54 +0100
> Cc: Lars Ingebrigtsen <address@hidden>, Emacs-Devel devel <address@hidden>
> > Problem is, I cannot find this number in the GnuTLS documentation,
> > either.  Maybe I'm blind; but if not, it means our users have no
> > reasonable way of knowing how many bits they are using, and that is
> > not good, IMO.
> It's not in the documentation, it's in src/gnutls.c, lines
> 1834-1835. It's also in the docstring of `gnutls-min-prime-bits`.

Are you talking about the master branch of the Emacs repository?  If
so, I must be blind, because I don't see 1008 anywhere around those

> > > Users aren't supposed to care about that variable, anyway, since the NSM
> > > warns about less than 1024 bits...
> >
> > Yes, but what if GnuTLS bumps the default to more than that?  And even
> > if not, I think I might like to know how far below 1024 I'm going to
> > be if I allow the connection.
> See my other email for a way out of this. Once you've caught
> GNUTLS_E_DH_PRIME_UNACCEPTABLE, you can still call
> gnutls_dh_get_prime_bits to get the prime bits the server sends back
> out. I think this is already done, we just need to catch
> GNUTLS_E_DH_PRIME_UNACCEPTABLE so gnutls_verify_boot doesn't
> immediately return.

That's a separate issue, regarding your argument with Lars whether to
let NSM handle the too low bits or leave it to GnuTLS.  The issue I
raised was how can users know what is the GnuTLS default.  Because the
doc string of gnutls-min-prime-bits says:

  (defcustom gnutls-min-prime-bits 256
    ;; Several mail servers send fewer bits than the GnuTLS default.
    ;; Currently, 256 appears to be a reasonable choice (Bug#11267).
    "Minimum number of prime bits accepted by GnuTLS for key exchange.
  During a Diffie-Hellman handshake, if the server sends a prime
  number with fewer than this number of bits, the handshake is
  rejected.  \(The smaller the prime number, the less secure the
  key exchange is against man-in-the-middle attacks.)

  A value of nil says to use the default GnuTLS value.")

Which of course immediately begs the question "what is my GnuTLS's
default value?"

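The message above asks how a user can find out how many DH prime bits a connection actually negotiated, and what the floor is when `gnutls-min-prime-bits` is nil. The following Emacs Lisp is an added example, not code from Emacs or from anyone in the thread. It assumes that `gnutls-peer-status` returns a plist which carries `:diffie-hellman-prime-bits` when a finite-field DH exchange was used (Emacs 25 and later) and omits it otherwise, that `open-gnutls-stream` takes `(name buffer host service)`, and that `gnutls-min-prime-bits` is bound. The function and variable names prefixed `my-` are hypothetical; the sample plists at the end are constructed, not captured from a real server.

```elisp
;; Added example; not part of Emacs.  Assumes `gnutls-peer-status' may
;; return :diffie-hellman-prime-bits and that `gnutls-min-prime-bits'
;; is bound (both assumptions, see the lead-in).
(require 'gnutls)

(defun my-dh-prime-bits-verdict (status min-bits)
  "Classify the DH prime size in STATUS against MIN-BITS.
STATUS is a plist as returned by `gnutls-peer-status'.  MIN-BITS is the
minimum acceptable prime size in bits, or nil to mean \"GnuTLS's own
default\".  Emacs does not expose that default, which is the gap the
thread is about, so nil is reported as `unknown-minimum' rather than
guessed.  Returns one of `no-dh', `unknown-minimum', `weak' or `ok'."
  (let ((bits (plist-get status :diffie-hellman-prime-bits)))
    (cond
     ;; RSA or ECDHE key exchange: there is no finite-field DH prime
     ;; to measure, so the minimum does not apply at all.
     ((null bits) 'no-dh)
     ;; nil means "whatever GnuTLS's default is"; we cannot compare
     ;; against a number we do not know.
     ((null min-bits) 'unknown-minimum)
     ((< bits min-bits) 'weak)
     (t 'ok))))

(defun my-report-dh-prime-bits (host port)
  "Connect to HOST:PORT over TLS and report the negotiated DH prime bits.
Needs a network.  The connection is closed once the status is read.
Returns the number of bits, or nil when the key exchange used no
finite-field DH prime."
  (interactive "sHost: \nnPort: ")
  (let* ((proc (open-gnutls-stream "my-dh-probe" nil host port))
         (status (gnutls-peer-status proc))
         (bits (plist-get status :diffie-hellman-prime-bits)))
    (delete-process proc)
    (message "%s:%d: %s (configured minimum: %s)"
             host port
             (if bits
                 (format "%d-bit DH prime" bits)
               "no finite-field DH in this key exchange")
             (or gnutls-min-prime-bits "GnuTLS default (not exposed)"))
    bits))

;; Constructed sample statuses, not captured from a real server.
(let ((dhe-512 '(:key-exchange "DHE-RSA" :diffie-hellman-prime-bits 512))
      (ecdhe   '(:key-exchange "ECDHE-RSA")))
  (list (my-dh-prime-bits-verdict dhe-512 1024)
        (my-dh-prime-bits-verdict dhe-512 256)
        (my-dh-prime-bits-verdict dhe-512 nil)
        (my-dh-prime-bits-verdict ecdhe 1024)))
```

Evaluating the final form classifies the 512-bit sample as weak against a 1024-bit floor, acceptable against the 256-bit default quoted above, unknown when the floor is nil, and not applicable for the ECDHE sample. Note the asymmetry the thread turns on: `gnutls-min-prime-bits` is enforced by GnuTLS during the handshake, so a server that falls below it never reaches `gnutls-peer-status` at all, whereas anything at or above it is handed to the NSM, which then applies its own 1024-bit threshold. With the default of 256, that means a 512-bit prime is accepted at the GnuTLS layer and only warned about by the NSM.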