emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 9 Jul 2018 18:17:56 +0100

>
>   A value of nil says to use the default GnuTLS value."
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Which of course immediately begs the question "what is my GnuTLS's
> default value?"

That's what I've been saying all along. There are a couple of issues
we are discussing regarding setting the standard value of
`gnutls-min-prime-bits` to 256.

1. The standard value does not match the default value; when you say
it's a default but not really OOTB, what exactly is the default?
2. Default nil doesn't tell the user what exactly is the GnuTLS
default either, that seems to be what you are wondering.
3. I've been trying to find a way where you don't need to care about
what the default is. My first attempt at surfacing the DH prime from a
failed handshake seems to have failed. The only other way I can think
of is to set gnutls-min-prime-bits to 256 on the C side, and leave it
as nil in Lisp. This way its behavior is consistent with how we already
handle gnutls-algorithm-priority - we just hardcode a NORMAL in the C
side when unspecified. This way you don't have to explain anything.


