Re: The netsec thread

From: Robert Pluim
Subject: Re: The netsec thread
Date: Tue, 03 Sep 2019 22:02:06 +0200

>>>>> On Tue, 3 Sep 2019 12:20:27 -0700, Paul Eggert <address@hidden> said:

    Paul> Robert Pluim wrote:
    >> The only code that cares is NSM, which can be fixed, and itʼs easy
    >> enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS
    >> 3.6.3, so we can check for the version if you prefer.

    Paul> Checking for GNUTLS_TLS1_3 sounds fine (in fact, a bit better). We can
    Paul> make the code a bit faster/clearer by not calling
    Paul> gnutls_protocol_get_version twice. Also, it's better to not intertwine
    Paul> ifdefs with ifs. So, something like the attached patch perhaps? Though
    Paul> I didn't install it because NSM needs to be changed too and I'm not
    Paul> sure what you were thinking of there.

Below is one way to do it, which would be independent of your
change. Another way would be to check

(plist-member status :safe-renegotiation)

before checking the value of :safe-renegotiation, but that would
require removing :safe-renegotiation for TLS1.3.

I donʼt really prefer one to the other, but the below commit is ready,
and Iʼm lazy :-)

I hope Eli has an opinion, his taste is much better than mine.


commit d476ad2fcdf6a05cb6f32372df88b1e528682f9e
Author:     Robert Pluim <address@hidden>
AuthorDate: Mon Sep 2 14:55:00 2019 +0200
Commit:     Robert Pluim <address@hidden>
CommitDate: Tue Sep 3 16:43:12 2019 +0200

    Don't check for safe-renegotiation with TLS1.3
    * lisp/net/nsm.el (nsm-protocol-check--renegotiation-info-ext): Don't
    check when using TLS1.3, renegotiation has been removed from TLS.
    Reported in

diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 5e8381075b..4515867db8 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -665,17 +665,19 @@ nsm-protocol-check--renegotiation-info-ext
 If this TLS extension is not used, the connection established is
 vulnerable to an attack in which an impersonator can extract
 sensitive information such as HTTP session ID cookies or login
+passwords.  Renegotiation was removed in TLS1.3, so this is only
+checked for earlier protocol versions.
 E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010).  \"Transport
 Layer Security (TLS) Renegotiation Indication Extension\",
-  (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
-    (and unsafe-renegotiation
-         (format-message
-          "safe renegotiation is not supported, connection not protected from 
+  (when (string-version-lessp (plist-get status :protocol) "TLS1.3")
+    (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
+      (and unsafe-renegotiation
+           (format-message
+            "safe renegotiation is not supported, connection not protected 
from impersonators")))))
 ;; Compression checks
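
Review bot: The new guard (string-version-lessp (plist-get status :protocol) "TLS1.3") assumes :protocol is always present in status; if the key is missing, plist-get returns nil and the comparison is made against nil instead of a protocol name, so whether the renegotiation check runs is no longer an explicit decision. Consider binding the protocol value once and handling the missing case explicitly, so that an unknown version still runs the :safe-renegotiation test rather than skipping it. A short comment noting that the guard relies on the protocol name strings of the older versions ordering below "TLS1.3" would also help the next reader, since the test is a string comparison and not a numeric version check.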
