emacs-diffs

[Emacs-diffs] master 9c985a3: Minor improvements in recent NSM documenta


From: Eli Zaretskii
Subject: [Emacs-diffs] master 9c985a3: Minor improvements in recent NSM documentation changes
Date: Sun, 8 Jul 2018 10:47:29 -0400 (EDT)

branch: master
commit 9c985a3d7a84bdfad17e11a12f671605bb31b3be
Author: Eli Zaretskii <address@hidden>
Commit: Eli Zaretskii <address@hidden>

    Minor improvements in recent NSM documentation changes
    
    * doc/emacs/misc.texi (Network Security): Improve wording and
    markup of last change.
    
    * src/gnutls.c (Fgnutls_peer_status): Doc fix.
    
    * etc/NEWS: Improve wording of last change.
---
 doc/emacs/misc.texi | 23 ++++++++++++-----------
 etc/NEWS            | 15 +++++++++------
 src/gnutls.c        |  2 +-
 3 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index 9665138..3d34414 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -315,26 +315,27 @@ unverified connection, a temporary exception, or refuse 
the connection
 entirely.
 
 @vindex network-security-protocol-checks
-In addition to the basic certificate corrections checks,
-several @acronym{TLS} algorithm checks are available.  Some encryption
+In addition to the basic certificate correctness checks, several
address@hidden algorithm checks are available.  Some encryption
 technologies that were previously thought to be secure have shown
-themselves to be fragile, and Emacs will (by default) warn the users
-about some of these problems.
+themselves to be fragile, so Emacs (by default) warns you about some
+of these problems.
 
 The protocol network checks is controlled via the
 @code{network-security-protocol-checks} variable.
 
-It's an alist where the first element is the name of the check,
-the second is the security level where the check kicks in, and the
-optional third element is a parameter supplied to the check.
+It's an alist where the first element of each association is the name
+of the check, the second element is the security level where the check
+should be used, and the optional third element is a parameter supplied
+to the check.
 
 An element like @code{(rc4 medium)} will result in the function
 @code{nsm-protocol-check--rc4} being called like thus:
address@hidden(nsm-protocol-check--rc4 host port status optional-parameter)}.
address@hidden@code{(nsm-protocol-check--rc4 host port status 
optional-parameter)}}.
 The function should return address@hidden if the connection should
 proceed and @code{nil} otherwise.
 
-Below is a list of the checks done on the @code{medium} level.
+Below is a list of the checks done on the default @code{medium} level.
 
 @table @asis
 
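Review bot: the unchanged sentence "The protocol network checks is controlled via the" in the middle of this hunk still has a subject-verb mismatch and an odd word order. Since this commit is a wording pass over the same paragraph, change it to "The protocol checks are controlled via the @code{network-security-protocol-checks} variable." Likewise "being called like thus:" reads better as "being called like this:". The last paragraph also only says the connection should not "proceed" when the check function returns @code{nil}, while the NEWS entry in this commit says the NSM asks the user whether to allow the connection; the manual should say the same so readers do not assume a hard failure.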
@@ -374,8 +375,8 @@ connection to be encrypted.  If the connection isn't 
encrypted,
 
 @item Diffie-Hellman low prime bits
 When doing the public key exchange, the number of prime bits should be
-high to ensure that the channel can't be eavesdropped on by third
-parties.  If this number is too low, you will be warned.  (This is the
+high enough to ensure that the channel can't be eavesdropped on by third
+parties.  If this number is too low, Emacs will warn you.  (This is the
 @code{diffie-hellman-prime-bits} check in
 @code{network-security-protocol-checks}).
 
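Review bot: "high enough" in the first changed line still does not tell the reader how many prime bits count as too low. State the threshold here, or, if it is configured through the optional third element of the @code{diffie-hellman-prime-bits} entry described in the previous hunk, say so and show the entry. Separately, the parenthetical at the end is a complete sentence, so its period belongs inside the closing parenthesis rather than after it.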
diff --git a/etc/NEWS b/etc/NEWS
index 8883066..dae028b 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -136,12 +136,15 @@ of what checks to run via the 
`network-security-protocol-checks'
 variable.
 
 +++
-** Most of the checks for outdated, believed-to-be-weak TLS algorithms
-and ciphers are now switched on by default.  To get the old behaviour
-back (where certificates are checked for validity, but no warnings
-about weak cryptography are issued), you can either set
-`network-security-protocol-checks' to nil, or adjust the elements in
-that variable to only happen on the `high' security level.
+** TLS connections have their security tightened by default.
+Most of the checks for outdated, believed-to-be-weak TLS algorithms
+and ciphers are now switched on by default.  By default, the NSM will
+flag connections using these weak algorithms and ask users whether to
+allow them.  To get the old behavior back (where certificates are
+checked for validity, but no warnings about weak cryptography are
+issued), you can either set 'network-security-protocol-checks' to nil,
+or adjust the elements in that variable to only happen on the 'high'
+security level (assuming you use the 'medium' level).
 
 +++
 ** New function 'fill-polish-nobreak-p', to be used in 
'fill-nobreak-predicate'.
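Review bot: "by default" appears three times in the first three added lines ("tightened by default", "switched on by default", "By default, the NSM will flag"). Drop the third, for example "The NSM now flags connections using these weak algorithms and asks whether to allow them." The closing "(assuming you use the 'medium' level)" should also name the setting it refers to, 'network-security-level', so the reader knows which variable to check before moving entries to 'high'. It is worth keeping the two opt-out routes clearly separated: setting 'network-security-protocol-checks' to nil removes every weak-cryptography warning, whereas moving individual entries to 'high' keeps them available at that level.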
diff --git a/src/gnutls.c b/src/gnutls.c
index dfbbecf..d7a4ee4 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1217,7 +1217,7 @@ The return value is a property list with top-level keys 
:warnings and
 The :warnings entry is a list of symbols you can get a description of
 with `gnutls-peer-status-warning-describe', and :certificates is the
 certificate chain for the connection, with the host certificate
-first, and intermediary certificates (if any) follow.
+first, and intermediary certificates (if any) following it.
 
 In addition, for backwards compatibility, the host certificate is also
 returned as the :certificate entry.  */)
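Review bot: in the changed line, "intermediary certificates" would be clearer as "intermediate certificates", the usual term for the certificates that sit between the host certificate and the root. The comma before "and" is also no longer needed now that the second half is a participial phrase: "with the host certificate first and intermediate certificates (if any) following it".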


