Re: A couple of questions and concerns about Emacs network security

[Jimmy Yuen Ho Wong]

>
> > Users aren't supposed to care about that variable, anyway, since the NSM
> > warns about less than 1024 bits...
>
> Yes, but what if GnuTLS bumps the default to more than that?  And even
> if not, I think I might like to know how far below 1024 I'm going to
> be if I allow the connection.

I've surfaced the DH_PRIME_UNACCEPTABLE error from the handshake to
the Lisp side here.
https://github.com/wyuenho/emacs/commit/6c00758175b227338005533b27999435b33528d5

I'm don't like this change to much. It's full of exceptions in the C
code, and you still can't get the prime bits the server sent over,
because gnutls_dh_get_prime_bits() only returns a prime bit if an
actual DH key exchange was done. Since the handshake failed early as
soon as the client found out the prime bits are too low, ciphers, mac
and all the rest were not negotiated, so they are all NULL. You do at
least get a warning that lets you know the prime bit is too low tho,
and you can still proceed with this connection tho, but it wouldn't be
very useful. Since the handshake failed, the result will be a plain
HTTP request to an HTTPS port, of which the server will typically
return with an HTTP 400.

Perhaps it's simply better to let the user know that they can (setq
gnutls-log-level 1) to log out the actual GnuTLS error message (which
is still just prime bits too low without specifying a number)