From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Wed, 04 Sep 2019 21:34:16 +0200
Cc: Paul Eggert, emacs-devel@gnu.org
To: Lars Ingebrigtsen

>>>>> On Wed, 04 Sep 2019 15:12:14 +0200, Lars Ingebrigtsen said:

    Lars> Robert Pluim writes:
    >> - (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation)))) >> - (and unsafe-renegotiation >> - (format-message >> - "safe renegotiation is not supported, connection not protected from impersonators")))) >> + (when (string-version-lessp (plist-get status :protocol) "TLS1.3") >> + (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation)))) >> + (and unsafe-renegotiation >> + (format-message >> + "safe renegotiation is not supported, connection not protected from impersonators")))))

    Lars> After Paul's patch, I think it would make sense to just check for
    Lars> whether :safe-renegotiation is present at all, and not check for
    Lars> protocol version here. I.e., use `plist-member' first.

Sure. Paul, did you want me to push your patch as well?

Robert
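
Review bot: the added `(when (string-version-lessp (plist-get status :protocol) "TLS1.3") ...)` guard decides whether to warn by ordering protocol name strings, and the inner `(not (plist-get status :safe-renegotiation))` still treats a status plist with no :safe-renegotiation entry the same as one where the entry is nil. Testing for the key with `plist-member` before reading its value, as proposed in the reply, would remove the dependence on the :protocol string and on what the comparison does when :protocol is missing from the plist. If the version guard stays, a short comment saying why connections at TLS1.3 and above skip the check would help the next reader.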