emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 9 Jul 2018 18:09:44 +0100

On Mon, Jul 9, 2018 at 6:02 PM Eli Zaretskii <address@hidden> wrote:
>
> > From: Lars Ingebrigtsen <address@hidden>
> > Cc: address@hidden,  address@hidden
> > Date: Sun, 08 Jul 2018 21:28:20 +0200
> >
> > Eli Zaretskii <address@hidden> writes:
> >
> > >> Users aren't supposed to care about that variable, anyway, since the NSM
> > >> warns about less than 1024 bits...
> > >
> > > Yes, but what if GnuTLS bumps the default to more than that?  And even
> > > if not, I think I might like to know how far below 1024 I'm going to
> > > be if I allow the connection.
> >
> > The NSM will say explicitly how many bits the DH exchange is using.  Try
> > this one with `M-x eww'
> >
> > https://dh480.badssl.com/
> >
> > and you should get the warning.
>
> The warning says
>
>   The Diffie-Hellman prime bits (480) used for this connection to
>   dh480.badssl.com:443 is less than what is considered safe (1024)
>
> So it doesn't show the 1008 value.  What did I miss?

Nothing. The server you are connecting to will only give you a 480-bit
prime. Since your Emacs is still using 256 `gnutls-min-prime-bit`,
GnuTLS lowered the lower bound from 1008 to 256, and then negotiated a
bit length as high as the server can go. What you see is expected.
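Added worked example (editor's code, not from this thread and not Emacs or
GnuTLS source). It parses the ServerDHParams block that carries the server's
prime in a TLS 1.2 ServerKeyExchange (RFC 5246 section 7.4.3), measures the
prime's bit length the way a client has to (leading zero bytes do not count),
and then models the two stages the reply above describes: the client-side
floor that gnutls-min-prime-bits sets, and the NSM's 1024-bit warning on
whatever was negotiated. The floor check is a deliberate simplification of
GnuTLS behaviour, the 480-bit modulus is a constructed byte pattern rather
than a real prime or group, and the trailing two bytes stand in for the
signature that would follow in a DHE message; the 1024 threshold and the
warning text are taken from the message quoted above.

```python
import struct

MIN_SAFE_DH_BITS = 1024   # threshold the NSM warning in the thread refers to


def dh_prime_bits(p: bytes) -> int:
    """Bit length of a big-endian DH modulus. Leading zero bytes do not count,
    so a 61-byte encoding of a 480-bit value still reports 480."""
    return int.from_bytes(p, "big").bit_length()


def _read_opaque16(buf: bytes, off: int):
    """Read one opaque<1..2^16-1> field: 2-byte length, then that many bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad field length %d" % n)
    return buf[off:off + n], off + n


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams from a TLS 1.2 ServerKeyExchange (RFC 5246 7.4.3):
    dh_p, dh_g, dh_Ys, each an opaque<1..2^16-1>. Anything after dh_Ys
    (the signature for DHE suites) is returned untouched as 'rest'."""
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    return {"p": p, "g": g, "Ys": ys,
            "prime_bits": dh_prime_bits(p), "rest": body[off:]}


def encode_server_dh_params(p: bytes, g: bytes, ys: bytes) -> bytes:
    """Inverse of parse_server_dh_params, used here to build the sample message."""
    return b"".join(struct.pack("!H", len(x)) + x for x in (p, g, ys))


def handshake_accepts(server_prime_bits: int, client_min_prime_bits: int) -> bool:
    """Simplified model (an assumption, not GnuTLS code) of the client-side floor
    set by gnutls-min-prime-bits: a server prime below the floor aborts the
    handshake, so a 480-bit prime passes a 256-bit floor but not a 1008-bit one."""
    return server_prime_bits >= client_min_prime_bits


def nsm_dh_warning(host: str, port: int, prime_bits: int,
                   min_safe: int = MIN_SAFE_DH_BITS):
    """Reproduce the wording of the NSM warning quoted in the thread.
    Returns None when the prime is at or above the safe threshold."""
    if prime_bits < min_safe:
        return ("The Diffie-Hellman prime bits (%d) used for this connection to "
                "%s:%d is less than what is considered safe (%d)"
                % (prime_bits, host, port, min_safe))
    return None


def check_connection(host: str, port: int, skex_body: bytes,
                     client_min_prime_bits: int):
    """Return (accepted, warning). Same order as in the thread: GnuTLS enforces
    the floor first, then the NSM inspects whatever was actually negotiated."""
    bits = parse_server_dh_params(skex_body)["prime_bits"]
    if not handshake_accepts(bits, client_min_prime_bits):
        return False, None
    return True, nsm_dh_warning(host, port, bits)


# Constructed sample: a 480-bit modulus with the top bit set (60 bytes). It is a
# placeholder byte pattern, not a real prime or DH group; do not reuse it.
SAMPLE_P_480 = bytes([0x80]) + b"\x5b" * 59
SAMPLE_G = b"\x02"
SAMPLE_YS = b"\x11" * 60
# Two trailing bytes stand in for the signature a real DHE message would carry.
SAMPLE_SKEX = encode_server_dh_params(SAMPLE_P_480, SAMPLE_G, SAMPLE_YS) + b"\x00\x00"

if __name__ == "__main__":
    for floor in (256, 1008):
        ok, warn = check_connection("dh480.badssl.com", 443, SAMPLE_SKEX, floor)
        print("min-prime-bits=%d accepted=%s warning=%r" % (floor, ok, warn))
```

With the floor at 256 the constructed 480-bit message is accepted and the NSM
warning quoted above is produced verbatim; with the floor at 1008 the handshake
is refused before the NSM ever sees it, which is why the 1008 figure never
appears in the warning text.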


