From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-26 3302b7c: Mention the NSM in the gnutls variable doc strings
Date: Mon, 09 Jul 2018 13:49:20 +0200
Message-ID: <87va9omxxb.fsf@gmail.com>
In-Reply-To: <20180708135931.BCDF7205D8@vcs0.savannah.gnu.org> (Lars Ingebrigtsen's message of "Sun, 8 Jul 2018 09:59:31 -0400 (EDT)")
To: emacs-devel@gnu.org
Cc: Lars Ingebrigtsen

larsi@gnus.org (Lars Ingebrigtsen) writes:

> @@ -111,7 +123,14 @@ number with fewer than this number of bits, the hand= shake is > rejected. \(The smaller the prime number, the less secure the > key exchange is against man-in-the-middle attacks.) >=20=20 > -A value of nil says to use the default GnuTLS value." > +A value of nil says to use the default GnuTLS value. > + > +The default value of this variable is such that virtually any > +connection can be established, whether this connection can be > +considered cryptographically \"safe\" or not. However, Emacs > +network security is handled at a higher level via > +`open-network-stream' and the Network Security Manager. See Info > +node `(emacs) Network Security'." > :type '(choice (const :tag "Use default value" nil) > (integer :tag "Number of bits" 512)) > :group 'gnutls)

So gnutls-min-prime-bits is still 256, but the NSM on its default 'medium' level will complain if it negotiates < 1024? Would it not make more sense to set it to nil then? People who really need it at 256 can set it to that (and it should really be settable per-host, but that's a different issue).

Regards
Robert
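
Review bot: The added docstring paragraph beginning "The default value of this variable is such that virtually any connection can be established" never states what that default is, so a reader of this variable cannot compare it with whatever the higher-level check enforces. Suggest naming the default number of bits in the text. Since the paragraph says network security is handled "via `open-network-stream' and the Network Security Manager", it should also say what applies to code that does not go through `open-network-stream', where this variable's permissive value may be the only limit on the prime size.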