bug#25061: consider adding %COMPAT to default gnutls priority string
From: Ted Zlatanov
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Wed, 06 Sep 2017 15:32:42 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

On Sat, 02 Sep 2017 16:49:20 +0300 Eli Zaretskii <eliz@gnu.org> wrote:
>> From: Ted Zlatanov <tzz@lifelogs.com>
>> Date: Mon, 13 Feb 2017 11:04:55 -0500
>>
>> On Fri, 10 Feb 2017 16:51:39 +0100 Andy Wingo <wingo@igalia.com> wrote:
>>
AW> I tried checking (had to remember what I was doing to begin with!) and
AW> was not able to reproduce the original problem, and therefore couldn't
AW> test NORMAL:%COMPAT or NORMAL:%DUMBFW :/ Sorry :/
>>
AW> I was trying to just do this:
>>
AW> ;; uncomment to test original proposed workaround
AW> ;; (setq gnutls-algorithm-priority "NORMAL:%COMPAT")
AW> (setq gnutls-log-level 2)
AW> (url-retrieve "https://mirror.hydra.gnu.org/"
AW>               #'(lambda (status)
AW>                   (message "success")))
>>
AW> and evaluating that last form a number of times. Not very scientific :P
AW> I was unable to reproduce the problem though.
>>
>> Thanks, Andy.
>>
>> We were just talking with Michael about connection-specific settings;
>> this is a perfect use case. It will be one of the first things we use
>> for testing. So that will resolve the need for per-connection
>> adjustments, and we can focus on just the default value.
>>
>> Does anyone think we should add %COMPAT or %DUMBFW to the default
>> priority string? Without definitive proof that it will help, I'm not
>> sure we should, but I'm open to comments. Either way, we'll document it.

EZ> Any progress on this one, Ted? This bug currently blocks the release
EZ> of Emacs 26.1, so could we please expedite its resolution, whatever
EZ> that is?

Unfortunately I wasn't able to get to the connection-specific settings,
so right now we have to make these changes globally.

We've had no followup on this from anyone else and it's not easily
reproducible. Using %COMPAT for everyone could open them to old
vulnerabilities.

I'd rather stay with the current defaults and defer the rest of the work
to when connection-specific settings are available. I'm not sure of the
right place to discuss these settings--maybe a new section will be
needed once connection-specific settings exist.

So that's my vote; please add yours.

Thanks
Ted