[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The netsec thread
|
From: |
Robert Pluim |
|
Subject: |
Re: The netsec thread |
|
Date: |
Tue, 03 Sep 2019 22:02:06 +0200 |
>>>>> On Tue, 3 Sep 2019 12:20:27 -0700, Paul Eggert <address@hidden> said:
Paul> Robert Pluim wrote:
>> The only code that cares is NSM, which can be fixed, and itʼs easy
>> enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS
>> 3.6.3, so we can check for the version if you prefer.
Paul> Checking for GNUTLS_TLS1_3 sounds fine (in fact, a bit better). We can
Paul> make the code a bit faster/clearer by not calling
Paul> gnutls_protocol_get_version twice. Also, it's better to not intertwine
Paul> ifdefs with ifs. So, something like the attached patch perhaps? Though
Paul> I didn't install it because NSM needs to be changed too and I'm not
Paul> sure what you were thinking of there.
Below is one way to do it, which would be independent of your
change. Another way would be to check
(plist-member status :safe-renegotiation)
before checking the value of :safe-renegotiation, but that would
require removing :safe-renegotiation for TLS1.3.
I donʼt really prefer one to the other, but the below commit is ready,
and Iʼm lazy :-)
I hope Eli has an opinion, his taste is much better than mine.
Robert
commit d476ad2fcdf6a05cb6f32372df88b1e528682f9e
Author: Robert Pluim <address@hidden>
AuthorDate: Mon Sep 2 14:55:00 2019 +0200
Commit: Robert Pluim <address@hidden>
CommitDate: Tue Sep 3 16:43:12 2019 +0200
Don't check for safe-renegotiation with TLS1.3
* lisp/net/nsm.el (nsm-protocol-check--renegotiation-info-ext): Don't
check when using TLS1.3, renegotiation has been removed from TLS.
Reported in
<https://lists.gnu.org/archive/html/help-gnu-emacs/2019-09/msg00005.html>
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 5e8381075b..4515867db8 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -665,17 +665,19 @@ nsm-protocol-check--renegotiation-info-ext
If this TLS extension is not used, the connection established is
vulnerable to an attack in which an impersonator can extract
sensitive information such as HTTP session ID cookies or login
-passwords.
+passwords. Renegotiation was removed in TLS1.3, so this is only
+checked for earlier protocol versions.
Reference:
E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010). \"Transport
Layer Security (TLS) Renegotiation Indication Extension\",
`https://tools.ietf.org/html/rfc5746'"
- (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
- (and unsafe-renegotiation
- (format-message
- "safe renegotiation is not supported, connection not protected from
impersonators"))))
+ (when (string-version-lessp (plist-get status :protocol) "TLS1.3")
+ (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
+ (and unsafe-renegotiation
+ (format-message
+ "safe renegotiation is not supported, connection not protected
from impersonators")))))
;; Compression checks
- Re: The netsec thread, Robert Pluim, 2019/09/03
- Re: The netsec thread, Paul Eggert, 2019/09/03
- Re: The netsec thread, Robert Pluim, 2019/09/03
- Re: The netsec thread, Paul Eggert, 2019/09/03
- Re: The netsec thread,
Robert Pluim <=
- Re: The netsec thread, Lars Ingebrigtsen, 2019/09/04
- Re: The netsec thread, Robert Pluim, 2019/09/04
- Re: The netsec thread, Paul Eggert, 2019/09/04
- Re: The netsec thread, Robert Pluim, 2019/09/04
- Re: The netsec thread, Robert Pluim, 2019/09/05
- Re: The netsec thread, Paul Eggert, 2019/09/05
- Re: The netsec thread, Robert Pluim, 2019/09/05
- Re: The netsec thread, Lars Ingebrigtsen, 2019/09/04