From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 9 Jul 2018 19:10:09 +0100
To: Eli Zaretskii
Cc: Lars Ingebrigtsen, Emacs-Devel devel
In-Reply-To: <83bmbggu9k.fsf@gnu.org>
References: <83o9g2uhju.fsf@gnu.org> <20180705115826.73c1d95e@jabberwock.cb.piermont.com> <878t6lom8g.fsf@mouse.gnus.org> <87pnzxn4kw.fsf@mouse.gnus.org> <87fu0tmxfs.fsf@mouse.gnus.org> <83va9pha36.fsf@gnu.org> <83tvp9h9dv.fsf@gnu.org> <87y3ellggt.fsf@mouse.gnus.org> <83sh4th84d.fsf@gnu.org> <83lgakgxdf.fsf@gnu.org> <83bmbggu9k.fsf@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:227170

On Mon, Jul 9, 2018 at 7:05 PM Eli Zaretskii wrote:
>
> > From: Jimmy Yuen Ho Wong
> > Date: Mon, 9 Jul 2018 18:38:14 +0100
> > Cc: Lars Ingebrigtsen, Emacs-Devel devel
> >
> > This is what (setq gnutls-min-prime-bits nil) means:
> >
> > https://github.com/emacs-mirror/emacs/blob/master/src/gnutls.c#L1854
>
> This still doesn't tell me what nil means:
>
>   prime_bits = Fplist_get (proplist, QCmin_prime_bits);
>   [...]
>   if (INTEGERP (prime_bits))
>     gnutls_dh_set_prime_bits (state, XUINT (prime_bits));
>
> If prime_bits is nil, we do nothing with it.  We only use it if it is
> an integer.

Yep. By not setting it from Emacs's side, the DH prime bits are controlled by the priority string, and GnuTLS will do the right thing accordingly. It also means the minimum prime bits are GnuTLS version dependent.

"Note that since 3.1.7 this function is deprecated. The minimum number of bits is set by the priority string level. Also this function must be called after gnutls_priority_set_direct() or the set value may be overridden by the selected priority options."

https://www.gnutls.org/reference/gnutls-gnutls.html#gnutls-dh-set-prime-bits
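Added example, not code from this thread or from Emacs itself: an Emacs Lisp probe that leaves `gnutls-min-prime-bits` bound to nil (so Emacs never calls gnutls_dh_set_prime_bits, the case discussed above), binds `gnutls-algorithm-priority` to a chosen priority string, negotiates TLS, and reads back what GnuTLS actually chose via `gnutls-peer-status`, whose plist carries `:protocol`, `:key-exchange` and, for a finite-field DH exchange, `:diffie-hellman-prime-bits`. The host, port and the three priority strings are assumptions for illustration; the example needs an Emacs built with GnuTLS and network access to the peer, since a TLS handshake cannot be done offline.

```elisp
;; Added example, not code from the thread or from Emacs itself.
;; Assumes an Emacs built with GnuTLS (gnutls-available-p is non-nil)
;; and network access to the HOST:PORT you pass in (assumed values).
(require 'gnutls)

(defun dh-probe-peer-status (host port priority)
  "Negotiate TLS to HOST:PORT with PRIORITY and return `gnutls-peer-status'.
`gnutls-min-prime-bits' is bound to nil, so Emacs does not call
gnutls_dh_set_prime_bits and the priority string alone sets the DH
minimum.  The connection is closed before returning."
  (let ((gnutls-algorithm-priority priority)
        (gnutls-min-prime-bits nil)
        (proc nil))
    (unwind-protect
        (progn
          (setq proc (open-gnutls-stream "dh-probe" nil host port))
          (gnutls-peer-status proc))
      (when proc (delete-process proc)))))

(defun dh-probe-summary (host port priority)
  "Return (PROTOCOL KEY-EXCHANGE DH-BITS) negotiated under PRIORITY.
DH-BITS is nil when the key exchange is not finite-field DH (for
example ECDHE, or TLS 1.3), where a DH prime-bits minimum does not
apply at all."
  (let ((status (dh-probe-peer-status host port priority)))
    (list (plist-get status :protocol)
          (plist-get status :key-exchange)
          (plist-get status :diffie-hellman-prime-bits))))

(defun dh-probe-compare (host port)
  "Negotiate against the same peer with several priority strings.
Returns an alist of (PRIORITY . SUMMARY) so the effect of the
priority level on the DH prime size can be read side by side.
\"NORMAL\" is what Emacs uses when `gnutls-algorithm-priority' is nil;
the DHE-RSA-only string forces finite-field DH so a prime size is
visible at all (assumed to be accepted by the peer)."
  (mapcar (lambda (prio)
            (cons prio (dh-probe-summary host port prio)))
          '("NORMAL"
            "SECURE128"
            "NORMAL:-KX-ALL:+DHE-RSA")))

;; Usage (host and port are assumed placeholders):
;; (dh-probe-compare "example.com" 443)
```

The point of the probe is that the answer to "what does nil mean" is observable rather than read off the source: with `gnutls-min-prime-bits` nil, changing only the priority string changes the `:diffie-hellman-prime-bits` GnuTLS reports, and a nil result for that key tells you the negotiated exchange was not finite-field DH, in which case the prime-bits minimum was never the relevant control. If a priority string is rejected by the installed GnuTLS, `open-gnutls-stream` signals an error, which the `unwind-protect` turns into a clean failure with no dangling process.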