From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jens Lechtenboerger Newsgroups: gmane.emacs.bugs Subject: bug#19284: 25.0.50; tls.el uses option --insecure Date: Fri, 05 Dec 2014 20:43:09 +0100 Message-ID: <86iohpq3w2.fsf@informationelle-selbstbestimmung-im-internet.de> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1417808677 31852 80.91.229.3 (5 Dec 2014 19:44:37 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 5 Dec 2014 19:44:37 +0000 (UTC) To: 19284@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Dec 05 20:44:29 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xwynh-0006wP-1l for geb-bug-gnu-emacs@m.gmane.org; Fri, 05 Dec 2014 20:44:25 +0100 Original-Received: from localhost ([::1]:52266 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xwyng-0003yI-I6 for geb-bug-gnu-emacs@m.gmane.org; Fri, 05 Dec 2014 14:44:24 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:50746) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XwynU-0003y2-KG for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:44:22 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XwynK-0005tx-MN for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:44:12 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:57763) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XwynK-0005ts-JA for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:44:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1XwynK-0005vt-4q for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:44:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Jens Lechtenboerger Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 05 Dec 2014 19:44:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 19284 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.141780863422782 (code B ref -1); Fri, 05 Dec 2014 19:44:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 5 Dec 2014 19:43:54 +0000 Original-Received: from localhost ([127.0.0.1]:54976 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XwynC-0005vN-72 for submit@debbugs.gnu.org; Fri, 05 Dec 2014 14:43:54 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:48845) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XwynA-0005vG-Q0 for submit@debbugs.gnu.org; Fri, 05 Dec 2014 14:43:52 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xwyn0-0005f5-RF for submit@debbugs.gnu.org; Fri, 05 Dec 2014 14:43:52 -0500 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:38678) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xwyn0-0005ez-OM for submit@debbugs.gnu.org; Fri, 05 Dec 2014 14:43:42 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:50545) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xwymt-0003xe-7b for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:43:42 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xwyml-0005Zx-OI for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:43:35 -0500 Original-Received: from mx2.mailbox.org ([80.241.60.215]:39502) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xwyml-0005ZW-Hv for bug-gnu-emacs@gnu.org; Fri, 05 Dec 2014 14:43:27 -0500 Original-Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.mailbox.org (Postfix) with ESMTPS id 67BF841F37 for ; Fri, 5 Dec 2014 20:43:26 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Original-Received: from smtp1.mailbox.org ([80.241.60.240]) (using TLS with cipher AES256-GCM-SHA384) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTPS id heevfMwCnvXR for ; Fri, 5 Dec 2014 20:43:11 +0100 (CET) User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:96900 Archived-At: This is a followup to bug#16978, where I reported multiple MITM issues. tls.el calls gnutls-cli with option --insecure. As Emacs applies TOFU by default via nsm.el (great work, many thanks!), the above is dangerous. I continue to use the following: (setq tls-program '("gnutls-cli --strict-tofu -p %p %h")) I=E2=80=99m not sure under what conditions tls.el is necessary. Is it? Best wishes Jens