From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Jimmy Yuen Ho Wong Newsgroups: gmane.emacs.bugs Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems Date: Thu, 28 Jun 2018 17:42:00 +0100 Message-ID: References: <87fu1apchn.fsf@gmail.com> <83in65r4n9.fsf@gnu.org> <87y3f1njku.fsf@gmail.com> <87tvpnojgt.fsf@gmail.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Trace: blaine.gmane.org 1530204075 1034 195.159.176.226 (28 Jun 2018 16:41:15 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 28 Jun 2018 16:41:15 +0000 (UTC) Cc: 31946@debbugs.gnu.org, Noam Postavsky To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jun 28 18:41:11 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fYZyn-00008l-L4 for geb-bug-gnu-emacs@m.gmane.org; Thu, 28 Jun 2018 18:41:09 +0200 Original-Received: from localhost ([::1]:37580 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fYa0t-0005V6-Ac for geb-bug-gnu-emacs@m.gmane.org; Thu, 28 Jun 2018 12:43:19 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51853) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fYa0g-0005TO-74 for bug-gnu-emacs@gnu.org; Thu, 28 Jun 2018 12:43:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fYa0c-0006X0-Vo for bug-gnu-emacs@gnu.org; Thu, 28 Jun 2018 12:43:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:59137) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fYa0c-0006WQ-TE for bug-gnu-emacs@gnu.org; Thu, 28 Jun 2018 12:43:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fYa0c-0004uk-HF for bug-gnu-emacs@gnu.org; Thu, 28 Jun 2018 12:43:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jimmy Yuen Ho Wong Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 28 Jun 2018 16:43:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 31946 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 31946-submit@debbugs.gnu.org id=B31946.153020414818849 (code B ref 31946); Thu, 28 Jun 2018 16:43:02 +0000 Original-Received: (at 31946) by debbugs.gnu.org; 28 Jun 2018 16:42:28 +0000 Original-Received: from localhost ([127.0.0.1]:38801 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fYa04-0004tx-Jt for submit@debbugs.gnu.org; Thu, 28 Jun 2018 12:42:28 -0400 Original-Received: from mail-io0-f175.google.com ([209.85.223.175]:33237) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fYa03-0004tk-8U for 31946@debbugs.gnu.org; Thu, 28 Jun 2018 12:42:27 -0400 Original-Received: by mail-io0-f175.google.com with SMTP id d185-v6so5859977ioe.0 for <31946@debbugs.gnu.org>; Thu, 28 Jun 2018 09:42:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=yQvueGVOeMUXPD1gvuRu4pAFJwv1yk6ChcytjDRoATs=; b=pyj9Rq2LHk8iEB6XBYb8usO7GP8n1zPXAzqh57eXW6kEaSuy/eFzQSfarrxffPebFW XLnkrkSULwqcdAvC9anKEQaDmMshwCgU4tkmr8TC+kaEjYdgBefYN0+ISQUkpvPFG2wj cnh5um96aV1mdCUEWkGLIkNYsguDde9rRS64om8/5AbraiEkR77Z8x7/cDDi8Uter2w+ WeRpcYGLpWd651u3yDFzzypVoEJhL0qxsBb5o72Bs6qoeWWkSn3+m6Ftl6IzwiaK9INv txwD9S8kQDAOGW27FD/9KkV8gZ4Z9QZjW3ypSs6DKsaMY4jalsYHb/k8AePqGSqMV0xt wv+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=yQvueGVOeMUXPD1gvuRu4pAFJwv1yk6ChcytjDRoATs=; b=ODDxA3Ki3CV0VJBrPtN9LJ/16gGaLqeAPUnCBw/+Z5wwX9oJGmYDnunaBrvqhjg4Cw 7QCdqZtGZQNnPd+U3wcMkExbBv7RG15lI6VVZO8gMP3KMldy6I6otVw+5YEa6fmoInF7 3hRT6imcVCHXOvTUTC5AQ4kXOToE+ufrymX50trkD3Da2AdzDh4TaWEmLz+NtLTau4OX Ezg8n3CjTkaHMIVGncsYTlWUNRWB272Lcb9M6O7iPYjDkJcNzU3q8+4yDbOKB+KAvNn1 Wl5XoFHdAYe+nO0VCdKqsojLzhf977jyu/lSPEYCW7DTaI4SUboddq0wytuh1yOW21+E JDQQ== X-Gm-Message-State: APt69E0Wy+nHr26+pfEXudiisuWMsEvzZOeHPl+MKhFpAdAIyywkKdYc PIFWBlwopYk60qaA1zWY2tC74VC8olivPUGa4Po= X-Google-Smtp-Source: AAOMgpfbGHNxZWiAiV9QPO3XvdTNTWh/sakG738EbV05JYDmYSBq/X0YpHjkn4kflKv6BYrgS79uVx0wc1IV1r2Ctiw= X-Received: by 2002:a6b:e008:: with SMTP id z8-v6mr9061028iog.296.1530204141200; Thu, 28 Jun 2018 09:42:21 -0700 (PDT) Original-Received: by 2002:a02:985d:0:0:0:0:0 with HTTP; Thu, 28 Jun 2018 09:42:00 -0700 (PDT) In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:147915 Archived-At: > I can't see that that web page mentions Diffie-Hellman at all? > Click on the individual browsers. > And Firefox in Debian Stable certainly supports Diffie-Hellman. > Firefox on Debian is Firefox 52 ESR, it's 9 versions behind current. Firefox 60 ESR is in the experimental section. SSLLabs only reports that Firefox 59 / Win 7 has dropped support for DHE_RSA in the UA capabilities page[1], but client test[2] still shows it is supported, so does Chrome and Safari. I don't understand what's going on there. Could that list in in client test be static? Or that browsers still advertise their support for DHE_RSA when in fact they don't? Might have to get on a server and log out the TLS handshake to see what's actually going on... [1]: https://www.ssllabs.com/ssltest/clients.html [2]: https://www.ssllabs.com/ssltest/viewMyClient.html