bug-gnu-emacs

bug#25061: consider adding %COMPAT to default gnutls priority string


From: Ted Zlatanov
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Wed, 06 Sep 2017 15:32:42 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

On Sat, 02 Sep 2017 16:49:20 +0300 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> Date: Mon, 13 Feb 2017 11:04:55 -0500
>> 
>> On Fri, 10 Feb 2017 16:51:39 +0100 Andy Wingo <address@hidden> wrote: 
>> 
AW> I tried checking (had to remember what I was doing to begin with!) and
AW> was not able to reproduce the original problem, and therefore couldn't
AW> test NORMAL:%COMPAT or NORMAL:%DUMBFW :/  Sorry :/
>> 
AW> I was trying to just do this:
>> 
AW> ;; uncomment to test original proposed workaround
AW> ;; (setq gnutls-algorithm-priority "NORMAL:%COMPAT")
AW> (setq gnutls-log-level 2)
AW> (url-retrieve "https://mirror.hydra.gnu.org/"
AW>               #'(lambda (status)
AW>                   (message "success")))
>> 
AW> and evaluating that last form a number of times.  Not very scientific :P
AW> I was unable to reproduce the problem though.
>> 
>> Thanks, Andy.
>> 
>> We were just talking with Michael about connection-specific settings;
>> this is a perfect use case. It will be one of the first things we use
>> for testing. So that will resolve the need for per-connection
>> adjustments, and we can focus on just the default value.
>> 
>> Does anyone think we should add %COMPAT or %DUMBFW to the default
>> priority string? Without definitive proof that it will help, I'm not
>> sure we should, but I'm open to comments. Either way, we'll document it.

EZ> Any progress on this one, Ted?  This bug currently blocks the release
EZ> of Emacs 26.1, so could we please expedite its resolution, whatever
EZ> that is?

Unfortunately I wasn't able to get to the connection-specific settings,
so right now we have to make these changes globally.

We've had no followup on this from anyone else and it's not easily
reproducible. Using %COMPAT for everyone could open them to old
vulnerabilities.

I'd rather stay with the current defaults and defer the rest of the work
to when connection-specific settings are available. I'm not sure of the
right place to discuss these settings--maybe a new section will be
needed once connection-specific settings exist.

So that's my vote; please add yours.

Thanks
Ted




