From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Tue, 03 Sep 2019 22:02:06 +0200
To: Paul Eggert
Cc: Lars Ingebrigtsen, emacs-devel@gnu.org

>>>>> On Tue, 3 Sep 2019 12:20:27 -0700, Paul Eggert said:

    Paul> Robert Pluim wrote:
    >> The only code that cares is NSM, which can be fixed, and itʼs easy
    >> enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS
    >> 3.6.3, so we can check for the version if you prefer.

    Paul> Checking for GNUTLS_TLS1_3 sounds fine (in fact, a bit better). We can
    Paul> make the code a bit faster/clearer by not calling
    Paul> gnutls_protocol_get_version twice. Also, it's better to not intertwine
    Paul> ifdefs with ifs. So, something like the attached patch perhaps? Though
    Paul> I didn't install it because NSM needs to be changed too and I'm not
    Paul> sure what you were thinking of there.

Below is one way to do it, which would be independent of your
change. Another way would be to check (plist-member status
:safe-renegotiation) before checking the value of :safe-renegotiation,
but that would require removing :safe-renegotiation for TLS1.3. I
donʼt really prefer one to the other, but the below commit is ready,
and Iʼm lazy :-) I hope Eli has an opinion, his taste is much better
than mine.

Robert commit d476ad2fcdf6a05cb6f32372df88b1e528682f9e Author: Robert Pluim AuthorDate: Mon Sep 2 14:55:00 2019 +0200 Commit: Robert Pluim CommitDate: Tue Sep 3 16:43:12 2019 +0200 Don't check for safe-renegotiation with TLS1.3 =20=20=20=20 * lisp/net/nsm.el (nsm-protocol-check--renegotiation-info-ext): Don't check when using TLS1.3, renegotiation has been removed from TLS. Reported in diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 5e8381075b..4515867db8 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el @@ -665,17 +665,19 @@ nsm-protocol-check--renegotiation-info-ext If this TLS extension is not used, the connection established is vulnerable to an attack in which an impersonator can extract sensitive information such as HTTP session ID cookies or login -passwords. +passwords. Renegotiation was removed in TLS1.3, so this is only +checked for earlier protocol versions. =20 Reference: =20 E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010). \"Transport Layer Security (TLS) Renegotiation Indication Extension\", `https://tools.ietf.org/html/rfc5746'" - (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))= )) - (and unsafe-renegotiation - (format-message - "safe renegotiation is not supported, connection not protected f= rom impersonators")))) + (when (string-version-lessp (plist-get status :protocol) "TLS1.3") + (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation= )))) + (and unsafe-renegotiation + (format-message + "safe renegotiation is not supported, connection not protected= from impersonators"))))) =20 ;; Compression checks =20
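
Review bot: The new guard `(when (string-version-lessp (plist-get status :protocol) "TLS1.3") ...)` in nsm-protocol-check--renegotiation-info-ext makes the check fail open: any `:protocol` value that does not compare below "TLS1.3" skips the renegotiation warning, and the case where `:protocol` is absent from `status` is not handled explicitly. Consider skipping only when the value is a recognised TLS1.3-or-later string and otherwise falling through to the existing `:safe-renegotiation` test, so an unexpected value still gets checked. A short comment at the guard explaining why a string version comparison is used would also help, since the docstring addition only states that renegotiation was removed in TLS1.3.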