emacs-devel


Re: A couple of questions and concerns about Emacs network security


From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 9 Jul 2018 19:10:09 +0100

On Mon, Jul 9, 2018 at 7:05 PM Eli Zaretskii <address@hidden> wrote:
>
> > From: Jimmy Yuen Ho Wong <address@hidden>
> > Date: Mon, 9 Jul 2018 18:38:14 +0100
> > Cc: Lars Ingebrigtsen <address@hidden>, Emacs-Devel devel <address@hidden>
> >
> > This is what (setq gnutls-min-prime-bits nil) means:
> >
> > https://github.com/emacs-mirror/emacs/blob/master/src/gnutls.c#L1854
>
> This still doesn't tell me what nil means:
>
>   prime_bits            = Fplist_get (proplist, QCmin_prime_bits);
>   [...]
>   if (INTEGERP (prime_bits))
>     gnutls_dh_set_prime_bits (state, XUINT (prime_bits));
>
> If prime_bits is nil, we do nothing with it.  We only use it if it is
> an integer.

Yep. By not setting it from Emacs's side, it means the DH prime
bits are controlled by the priority string, and GnuTLS will do the
right thing accordingly. It also means the min prime bits are GnuTLS
version dependent.

"Note that since 3.1.7 this function is deprecated. The minimum number
of bits is set by the priority string level. Also this function must
be called after gnutls_priority_set_direct() or the set value may be
overridden by the selected priority options."

https://www.gnutls.org/reference/gnutls-gnutls.html#gnutls-dh-set-prime-bits


