From: Jimmy Yuen Ho Wong
To: Eli Zaretskii
Cc: Lars Ingebrigtsen, 31946@debbugs.gnu.org, Noam Postavsky
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Wed, 27 Jun 2018 17:40:17 +0100
References: <87fu1apchn.fsf@gmail.com> <83in65r4n9.fsf@gnu.org> <87y3f1njku.fsf@gmail.com> <836024qmyv.fsf@gnu.org>
In-Reply-To: <836024qmyv.fsf@gnu.org>
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security

I've been reading a bit more on recent cipher and key exchange negotiation changes; it appears that the reason 3DES "fails" on modern browsers is the same reason they "fail" dh-small-subgroup and dh-composite. They are not actually failing if the negotiated KX algo is ECDHE.
As a good measure, I think we should also offer, in the high profile, checks for RSA KX and CBC mode ciphers. They are all marked as weak by modern browsers. There are apparently enterprise middlewares that decrypt RSA KX for monitoring. CBC is weak and should also be checked in the high profile because of BEAST and POODLE (high because of compatibility).

On Wed, Jun 27, 2018 at 4:16 PM, Eli Zaretskii wrote:
> > From: Lars Ingebrigtsen
> > Cc: 31946@debbugs.gnu.org, Noam Postavsky, Eli Zaretskii
> > Date: Wed, 27 Jun 2018 14:20:16 +0200
> >
> > Speaking of which -- it's quite a mouthful to say:
> >
> > (open-network-stream
> >  "foo" nil "dh-composite.badssl.com" "https"
> >  :tls-parameters (cons 'gnutls-x509pki (gnutls-boot-parameters
> >                                         :hostname "dh-composite.badssl.com")))
> >
> > I've been meaning to add a :tls keyword to `open-network-stream' that
> > would make
> >
> > (open-network-stream "foo" nil "dh-composite.badssl.com" "https" :tls t)
> >
> > a short way to write the above.  I.e., the default TLS parameters (which
> > is what you need in 99.9% of the cases) would be used if you just say
> > :tls t.
> >
> > Does that sound OK to you, Eli?
>
> Sounds good, but does it really require a new property?  Why not a
> special value of the existing :tls-parameters?  For example:
>
>   (open-network-stream "foo" nil "dh-composite.badssl.com" "https"
>                        :tls-parameters 'tls-defaults)
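As an added example (not code from the bug report, nor from Emacs's NSM), here is how the two checks proposed above, one for plain RSA key exchange and one for CBC-mode ciphers, could look if written in the shape of an NSM protocol check. Each check takes the host, the port and the plist returned by `gnutls-peer-status' and returns a warning string or nil. The function names are hypothetical; the :key-exchange and :cipher keys and the GnuTLS-style names ("RSA", "ECDHE-RSA", "AES-128-CBC", "AES-128-GCM") are assumptions about the peer-status plist layout; the sample plists at the bottom are constructed, not captured from a real connection.

```elisp
;;; Added example, not part of the bug report or of Emacs.  It sketches
;;; the two proposed high-profile checks.  Assumptions: the peer status
;;; is a plist carrying :key-exchange and :cipher strings as GnuTLS names
;;; them; the function names below are hypothetical.

(defun example-nsm-check--rsa-kx (host port status)
  "Warn if HOST:PORT negotiated plain RSA key exchange.
Plain RSA key exchange has no forward secrecy: whoever holds the
server's private key (including a decrypting middlebox) can recover
every session key from captured traffic.  ECDHE-RSA and DHE-RSA use
RSA only for authentication and are deliberately not flagged."
  (let ((kx (plist-get status :key-exchange)))
    (and (stringp kx)
         ;; Match exactly \"RSA\", not \"ECDHE-RSA\" or \"DHE-RSA\".
         (string-match-p "\\`RSA\\'" kx)
         (format "RSA key exchange method in connection to %s:%s \
offers no forward secrecy and can be decrypted by anyone holding \
the server key" host port))))

(defun example-nsm-check--cbc-cipher (host port status)
  "Warn if HOST:PORT negotiated a CBC-mode cipher.
TLS CBC suites are MAC-then-encrypt and were the target of BEAST
and POODLE-style attacks; AEAD suites (GCM, CCM, CHACHA20-POLY1305)
avoid the problem.  3DES-CBC is caught by this check as well."
  (let ((cipher (plist-get status :cipher)))
    (and (stringp cipher)
         (string-match-p "-CBC\\'" cipher)
         (format "CBC mode cipher %s in connection to %s:%s"
                 cipher host port))))

(defun example-nsm-run-checks (host port status)
  "Run both checks against STATUS and return the list of warnings."
  (delq nil (list (example-nsm-check--rsa-kx host port status)
                  (example-nsm-check--cbc-cipher host port status))))

;; Constructed sample statuses: a weak handshake (RSA KX, AES-CBC,
;; HMAC-SHA1) and an acceptable one (ECDHE KX, AES-GCM).  Evaluating
;; this form returns two warnings for the first and nil for the second.
(let ((weak '(:protocol "TLS1.2" :key-exchange "RSA"
              :cipher "AES-128-CBC" :mac "SHA1"))
      (ok   '(:protocol "TLS1.2" :key-exchange "ECDHE-RSA"
              :cipher "AES-128-GCM" :mac "AEAD")))
  (list (example-nsm-run-checks "example.test" 443 weak)
        (example-nsm-run-checks "example.test" 443 ok)))
```

Against a live connection you would open the process with the `open-network-stream' / `gnutls-boot-parameters' form quoted in the thread and pass `(gnutls-peer-status proc)' as STATUS; the checks only look at the negotiated key exchange and cipher, so an ECDHE-RSA handshake with an AEAD cipher passes even though the certificate is still RSA, which is the distinction the message above draws.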