Re: A couple of questions and concerns about Emacs network security
From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Tue, 10 Jul 2018 19:10:40 +0300

> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Mon, 9 Jul 2018 19:47:23 +0100
> Cc: Lars Ingebrigtsen <address@hidden>, Emacs-Devel devel <address@hidden>
> > > "Note that since 3.1.7 this function is deprecated. The minimum number
> > > of bits is set by the priority string level. Also this function must
> > > be called after gnutls_priority_set_direct() or the set value may be
> > > overridden by the selected priority options."
> >
> > Granted, I saw that. I have GnuTLS installed with its Info manual.
> > But the above still doesn't tell what is the default number of bits,
> > even if I go hunting for the description of the priority string.
>
> I'm not sure of the significance of what you are trying to do

I'm trying to find some evidence to the number of bits GnuTLS will use
by default.

> but if you are trying to confirm the actual min prime bit, the file
> is here:
>
> https://gitlab.com/gnutls/gnutls/blob/master/lib/algorithms/secparams.c
>
> The second number is the DH min prime bits. Don't ask me which row is
> the actual default... I don't want to know...

What you asked not to ask is, of course, what I'm after.  I guess the
answer is in gnutls_ui.c:

  void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits)
  {
          if (bits < gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
                                                 GNUTLS_SEC_PARAM_WEAK)
              && bits != 0)
                  _gnutls_audit_log(session,
                                    "Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n",
                                    bits);
          session->internals.priorities.dh_prime_bits = bits;
  }

This tells us that the default is GNUTLS_SEC_PARAM_WEAK, i.e. this:

  {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160}

IOW, indeed 1008 bits.

Thanks for pointing me in the right direction.