emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The netsec thread

From: Robert Pluim
Subject: Re: The netsec thread
Date: Thu, 05 Sep 2019 21:34:24 +0200 
>>>>> On Thu, 5 Sep 2019 11:50:17 -0700, Paul Eggert <address@hidden> said:

    Paul> On 9/5/19 5:12 AM, Robert Pluim wrote:
    >> GNUTLS_TLS1_3 is not a define, itʼs an enum, so we canʼt
    >> check for it with the pre-processor. I guess that means we have to
    >> check based on the GnuTLS version

    Paul> There's a simpler way; I installed the attached.

Thanks for that.

    Paul> By the way, can you verify that :safe-renegotiation is also irrelevant
    Paul> for DTLS? I'm asking because GNUTLS_DTLS1_2 etc. are greater than 
    Paul> GNUTLS_TLS1_3 and so "proto <= GNUTLS_TLS1_2" yields 0 for them. I
    Paul> assume that since DTLS is for datagrams there is no renegotiation and
    Paul> so no :safe-renegotation is needed, but I don't know DTLS (I don't
    Paul> even know whether Emacs supports DTLS) and it'd be helpful to get a 
    Paul> more-expert opinion. Thanks.

DTLS does in theory support renegotiation and the safe renegotiation
extension, but Iʼd be surprised if emacs worked with
DTLS. open-network-stream only opens TCP connections, perhaps
make-network-process could be abused to attempt DTLS, but thereʼs no
guarantee it would work, I think most of the emacs low-level TLS
support assumes TCP.

In short: I donʼt think itʼs a problem.

Robert
reply via email to
[Prev in Thread] Current Thread [Next in Thread]