From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#11267: bug#15057: 24.3.50; TLS error with reasonably high gnutls-min-prime-bits, bug#11267: 24.0.95; gnutls.c: [0] (Emacs) fatal error: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
Date: Tue, 11 Feb 2014 18:54:49 -0500
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <8761ol5ho6.fsf@lifelogs.com>
References: <87iozfl001.fsf@thinkpad.tsdh.org> <87lhxx6kr0.fsf@building.gnus.org> <871tzbaf1n.fsf@lifelogs.com> <874nsi12ng.fsf@niu.edu> <6mwr5d6l6e.fsf@fencepost.gnu.org> <20367.61741.640831.184941@gargle.gargle.HOWL> <20368.16452.379860.520133@gargle.gargle.HOWL> <87k4152t8j.fsf@lifelogs.com> <20375.1898.39520.582160@gargle.gargle.HOWL> <87ob2f8zdr.fsf@lifelogs.com> <21240.16957.410641.502622@gargle.gargle.HOWL> <87ppmvwu5h.fsf@building.gnus.org> <87d2iv8ck8.fsf@lifelogs.com> <87ppmup75m.fsf@building.gnus.org> <87mwhx686x.fsf@lifelogs.com> <21242.43234.861627.965636@gargle.gargle.HOWL>
In-Reply-To: <21242.43234.861627.965636@gargle.gargle.HOWL> (Roland Winkler's message of "Tue, 11 Feb 2014 16:49:06 -0600")
To: "Roland Winkler"
Cc: Nikos Mavrogiannopoulos, 15057@debbugs.gnu.org, 16253@debbugs.gnu.org, 11267@debbugs.gnu.org, Tassilo Horn, Lars Ingebrigtsen
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)
Xref: news.gmane.org gmane.emacs.bugs:85415

On Tue, 11 Feb 2014 16:49:06 -0600 "Roland Winkler" wrote:

RW> On Tue Feb 11 2014 Ted Zlatanov wrote:
>> So my proposal is simply to provide two buttons "allow host X to
>> connect with lower DHE security [temporarily] [permanently]" and
>> when the button is clicked, customize `gnutls-algorithm-priority'
>> to allow DHE to that specific host.
>>
>> `gnutls-negotiate' has to be changed slightly and the connection
>> rejection from insecure hosts will need to be handled in gnutls.c
>> and gnutls.el.
>>
>> I think that's as seamless as we can make it, especially noting
>> that `gnutls-min-prime-bits' is deprecated since GnuTLS 3.1.7 (see
>> http://www.gnutls.org/manual/gnutls.html#index-gnutls_005fdh_005fset_005fprime_005fbits).
>>
>> If we provide that simple UI, plus some help messaging, I think we
>> can disable DHE by default. Based on Nikos' explanation, it seems
>> to be the best way forward.

RW> Whatever customizability will be provided (permanently or
RW> temporarily on the fly), I'd find it most important to have
RW> documentation that allows the user to put the choices into
RW> perspective. -- Is this feasible? Certainly, we cannot expect that
RW> the average user who is offered a pop-up menu with choices "allow
RW> host X to connect with lower DHE security [temporarily]
RW> [permanently]" that he can readily understand its implications and
RW> put it into perspective. (DHE security lower than what? Lower by
RW> how much? How insecure is that?)

I'm sure we can come up with more helpful messaging. Does it have to
fit in 78 chars? Can we use buttons? If so, it could be like this,
going over 78 but not too much:

!! remote host X requires lower security [OK once] [OK always] [Cancel] [?]

With the ? taking the user to more details: a help message or even the
relevant section of gnutls.texi

If we can use a multi-line message it becomes easier, certainly.

The buttons could instead be a simple (y,Y,n,?) prompt. But that could
be confusing to the inexperienced users we're trying to help.

I need some guidance :) I don't know if this has been implemented in
another part of Emacs or other packages.

Thanks
Ted
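The per-host exception flow discussed in this message, sketched in Emacs Lisp as an added example. This is not code from gnutls.el, from the Emacs tree, or from anyone in this thread: it only uses the real `gnutls-negotiate' entry point with its `:process', `:hostname' and `:priority-string' arguments, plus `open-network-stream', `read-char-choice' and `customize-save-variable'. Every `my-gnutls-...' name is made up for the example, and the priority strings follow my reading of the GnuTLS priority-string syntax (NORMAL with the DHE key exchanges subtracted), which is an assumption, not something the thread states. DHE is off by default; a host that cannot complete the handshake without it gets the "[OK once] [OK always] [Cancel] [?]" prompt, and only an explicit answer enables DHE for that one host, either for the session or saved through Customize.

```elisp
;; Added example, not code from gnutls.el or from this bug thread.
;; `gnutls-negotiate' and its keyword arguments are real; all
;; `my-gnutls-...' names and the priority strings are assumptions.
(require 'cl-lib)
(require 'gnutls)

(defcustom my-gnutls-dhe-always-hosts nil
  "Hosts permanently allowed to connect with DHE key exchange enabled."
  :type '(repeat string)
  :group 'gnutls)

(defvar my-gnutls-dhe-session-hosts nil
  "Hosts allowed to use DHE for this Emacs session only.")

;; Default: GnuTLS NORMAL with the DHE key exchanges removed, so a
;; server can no longer force a short Diffie-Hellman prime on us.
(defconst my-gnutls-strict-priority "NORMAL:-DHE-RSA:-DHE-DSS"
  "Priority string used by default; NORMAL minus DHE key exchange.")

(defconst my-gnutls-relaxed-priority "NORMAL"
  "Priority string for hosts with an exception; it still offers DHE.")

(defun my-gnutls-dhe-allowed-p (host)
  "Return non-nil if HOST has a permanent or session DHE exception."
  (or (member host my-gnutls-dhe-always-hosts)
      (member host my-gnutls-dhe-session-hosts)))

(defun my-gnutls-priority-for-host (host)
  "Return the GnuTLS priority string to use for HOST."
  (if (my-gnutls-dhe-allowed-p host)
      my-gnutls-relaxed-priority
    my-gnutls-strict-priority))

(defun my-gnutls-allow-dhe (host how)
  "Record a DHE exception for HOST.  HOW is `once' (session) or `always'."
  (pcase how
    (`once (cl-pushnew host my-gnutls-dhe-session-hosts :test #'equal))
    (`always (customize-save-variable
              'my-gnutls-dhe-always-hosts
              (cl-adjoin host my-gnutls-dhe-always-hosts :test #'equal)))
    (_ (error "Unknown exception kind: %S" how))))

(defun my-gnutls-ask-about-dhe (host)
  "Show the one-line prompt from the message above and record the answer.
Return non-nil if the user allowed HOST to use DHE."
  (let ((answer
         (read-char-choice
          (format "!! remote host %s requires lower security [o]nce [a]lways [c]ancel [?]: "
                  host)
          '(?o ?a ?c ??))))
    (pcase answer
      (?o (my-gnutls-allow-dhe host 'once) t)
      (?a (my-gnutls-allow-dhe host 'always) t)
      ;; The "?" button: send the user to the relevant documentation
      ;; instead of connecting.
      (?? (describe-variable 'gnutls-algorithm-priority) nil)
      (_ nil))))

(defun my-gnutls-open (host port)
  "Open a TLS connection to HOST:PORT with DHE disabled by default.
If the handshake fails and the user grants an exception, reconnect once
with DHE enabled.  Return the process, or re-signal the GnuTLS error."
  (let ((proc (open-network-stream "my-gnutls" nil host port :type 'plain)))
    (condition-case err
        (gnutls-negotiate :process proc
                          :hostname host
                          :priority-string (my-gnutls-priority-for-host host))
      (gnutls-error
       ;; A failed handshake leaves the socket unusable, so reconnect
       ;; rather than renegotiating on the same process.
       (delete-process proc)
       (if (and (not (my-gnutls-dhe-allowed-p host))
                (my-gnutls-ask-about-dhe host))
           (gnutls-negotiate
            :process (open-network-stream "my-gnutls" nil host port :type 'plain)
            :hostname host
            :priority-string my-gnutls-relaxed-priority)
         (signal (car err) (cdr err)))))))

;; Usage: (my-gnutls-open "imap.example.invalid" 993)
```

The important property for a reviewer is that the strict priority string is the default and the relaxed one is only ever reached after an explicit per-host answer; `gnutls-min-prime-bits' is not used at all, matching the note above that it is deprecated. A cancelled prompt re-signals the original `gnutls-error', so callers see the same failure they would have seen without the prompt.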