[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network Security Manager warns safe renegotiation is not supported
From: |
Herbert J. Skuhra |
Subject: |
Re: Network Security Manager warns safe renegotiation is not supported |
Date: |
Thu, 5 Sep 2019 09:53:08 +0200 |
User-agent: |
Mutt/1.12.1 (2019-06-15) |
On Thu, Sep 05, 2019 at 08:51:23AM +0200, Robert Pluim wrote:
> >>>>> On Sun, 01 Sep 2019 12:37:10 -0400, Amin Bandali <bandali@gnu.org> said:
> Amin> I’m no security expert, but I don’t think that’s a good idea.
> Setting
> Amin> `gnutls-algorithm-priority' to that value basically tells GnuTLS to
> skip
> Amin> TLS1.3 altogether, which is the latest version of the TLS protocol.
>
> Amin> The issue seems to be that nsm.el checks for renegotiation_info[1]
> for
> Amin> TLS1.3 connections as well; but if I understand correctly,
> renegotiation
> Amin> was removed from TLS1.3, according to [2] and [3]. I *think* the
> proper
> Amin> way to fix this would be have nsm *not* check for
> renegotiation-info-ext
> Amin> for TlS1.3 connections. Please don’t take my word for this as,
> again,
> Amin> I’m no security/GnuTLS expert. Hopefully others with more
> knowledge can
> Amin> chime in to clarify.
>
> Correct. Fixed in emacs-master.
Hi,
I am still getting:
Certificate information
Issued by: Let's Encrypt Authority X3
Issued to: CN=elpa.gnu.org
Hostname: elpa.gnu.org
Public key: RSA, signature: RSA-SHA256
Session: TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac:
AEAD
Security level: Medium
Valid: From 2019-08-07 to 2019-11-05
The TLS connection to elpa.gnu.org:443 is insecure
for the following reason:
* safe renegotiation is not supported, connection not protected from
impersonators
--
Herbert
- Re: Network Security Manager warns safe renegotiation is not supported, Jude DaShiell, 2019/09/01
- Re: Network Security Manager warns safe renegotiation is not supported, Amin Bandali, 2019/09/01
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported,
Herbert J. Skuhra <=
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Herbert J. Skuhra, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Message not available
- Re: Network Security Manager warns safe renegotiation is not supported, Lars Magne Ingebrigtsen, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Message not available
- Re: Network Security Manager warns safe renegotiation is not supported, Lars Magne Ingebrigtsen, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Robert Pluim, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Herbert J. Skuhra, 2019/09/05
- Re: Network Security Manager warns safe renegotiation is not supported, Herbert J. Skuhra, 2019/09/05