emacs-devel

Re: emacs-26 3302b7c: Mention the NSM in the gnutls variable doc strings


From: Robert Pluim
Subject: Re: emacs-26 3302b7c: Mention the NSM in the gnutls variable doc strings
Date: Mon, 09 Jul 2018 13:49:20 +0200

address@hidden (Lars Ingebrigtsen) writes:
> @@ -111,7 +123,14 @@ number with fewer than this number of bits, the 
> handshake is
>  rejected.  \(The smaller the prime number, the less secure the
>  key exchange is against man-in-the-middle attacks.)
>  
> -A value of nil says to use the default GnuTLS value."
> +A value of nil says to use the default GnuTLS value.
> +
> +The default value of this variable is such that virtually any
> +connection can be established, whether this connection can be
> +considered cryptographically \"safe\" or not.  However, Emacs
> +network security is handled at a higher level via
> +`open-network-stream' and the Network Security Manager.  See Info
> +node `(emacs) Network Security'."
>    :type '(choice (const :tag "Use default value" nil)
>                   (integer :tag "Number of bits" 512))
>    :group 'gnutls)
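
Review bot: The added docstring paragraph says "The default value of this variable is such that virtually any connection can be established" without stating what that default is, and it comes directly after "the default GnuTLS value", so the reader meets two different defaults in consecutive sentences with a number given for neither. Suggest naming the variable's default number of bits in the new paragraph and making clear that nil defers to GnuTLS rather than to that number. The unchanged `:type` line offers 512 in the integer choice, so it is worth checking that this figure agrees with whatever the docstring ends up stating. Since the paragraph hands the real decision to the Network Security Manager, it would also help to say that the prime-size check happens there, so users do not assume this variable is the only control.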

So gnutls-min-prime-bits is still 256, but the NSM on its default
'medium' level will complain if it negotiates < 1024? Would it not
make more sense to set it to nil then? People who really need it at
256 can set it to that (and it should really be settable per-host, but
thatʼs a different issue).

Regards

Robert


