[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Noam Postavsky
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 23 Jun 2018 18:28:15 -0400

On 23 June 2018 at 02:40, Eli Zaretskii <address@hidden> wrote:

>> Can we bump gnutls-min-prime-bits to 1024 on the release branch?
> No, I don't think so.  Changing these settings needs a prolonged
> testing period to uncover any subtle problems with non-conforming
> servers that users must be able to access, and such testing is
> unlikely to happen on emacs-26 before the next bug-fix release.

I'm not sure what testing would be needed: if the connection to a
server fails, the user sets the variable to the previous default.

Also, would this attack published in 2015 make a difference to the decision?


    The Logjam attack allows a man-in-the-middle attacker to downgrade
    vulnerable TLS connections to 512-bit export-grade cryptography.


        Server operators should disable DHE_EXPORT and configure DHE
        ciphersuites to use primes of 2048 bits or larger. Browsers
        and clients should raise the minimum accepted size for
        Diffie-Hellman groups to at least 1024 bits in order to avoid
        downgrade attacks when communicating with servers that still
        use smaller groups. Primes of less than 1024 bits should not
        be considered secure, even against an attacker with moderate

reply via email to

[Prev in Thread] Current Thread [Next in Thread]