mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2026-01-28 07:50:48 -08:00
Code Issues Projects Releases Wiki Activity
emacs/lisp/net
History
Stefan Kangas d2830c9f31 Make NSM warn if DH key exchange has less than 2048 bit primes 
The previous default was to warn when servers supported only 1024 bit
primes in Diffie-Hellman key exchanges.  This highly conservative
number was based on the observation that, in November 2018, no less
than 12.7% of servers still only supported 1024 bit primes (less than
0.1% supported only 768 and 512 bits).

Five years later, in October 2023, only 3.7 % of servers remain with
only 1024 bit support.  SSL Labs summarizes: "At this time, 2048 bits
is the minimum expected strength."  Therefore, it is reasonable to
start warning users about this in Emacs 30.1, at which time even fewer
servers with such poor capabilities will remain.

Note that key exchanges based on 1024 bit prime number were considered
broken for security purposes already in 2015 (see Logjam below).

For more information:
https://www.ssllabs.com/ssl-pulse/
https://en.wikipedia.org/wiki/Logjam_(computer_security)

* lisp/net/nsm.el (nsm-protocol-check--dhe-prime-kx): Bump expected
minimum number of prime bits to 2048.
2023-10-24 17:28:51 +02:00
..
ange-ftp.el * lisp/net/ange-ftp.el (ange-ftp-file-remote-p): Handle CONNECTED properly. 2023-08-23 11:00:56 +02:00
browse-url.el Properly run emacsclient under Android if DISPLAY is set 2023-09-06 10:31:26 +08:00
dbus.el
dictionary-connection.el
dictionary.el Introduce a tool bar for dictionary mode 2023-10-08 09:13:11 +08:00
dig.el
dns.el
eudc-bob.el
eudc-capf.el Add missing builtin package declarations 2023-09-18 01:55:28 +02:00
eudc-export.el
eudc-hotlist.el
eudc-vars.el
eudc.el
eudcb-bbdb.el
eudcb-ecomplete.el Add missing builtin package declarations 2023-09-18 01:55:28 +02:00
eudcb-ldap.el
eudcb-mab.el
eudcb-macos-contacts.el Add missing builtin package declarations 2023-09-18 01:55:28 +02:00
eudcb-mailabbrev.el Add missing builtin package declarations 2023-09-18 01:55:28 +02:00
eww.el Exclude current buffer from eww-switch-to-buffer 2023-10-01 18:51:18 +02:00
gnutls.el Address defcustom :type warnings 2023-09-26 09:29:39 +02:00
goto-addr.el
hmac-def.el
hmac-md5.el
imap.el Use ensure-list in many more places 2023-08-27 21:45:30 +02:00
ldap.el
mailcap.el Make ‘mailcap-viewer-passes-test’ return t for viewers without tests 2023-09-10 08:16:22 +02:00
mairix.el ; Fix spelling of my name in all source files 2023-10-10 16:31:53 +02:00
net-utils.el
network-stream.el
newst-backend.el Remove newsticker--lists-intersect-p 2023-09-02 10:34:55 +02:00
newst-plainview.el Remove newsticker--lists-intersect-p 2023-09-02 10:34:55 +02:00
newst-reader.el
newst-ticker.el
newst-treeview.el
newsticker.el ; Prefer HTTPS to HTTP in more links 2023-08-02 23:32:28 +02:00
nsm.el Make NSM warn if DH key exchange has less than 2048 bit primes 2023-10-24 17:28:51 +02:00
ntlm.el ; Add missing GNU ELPA :core package statements 2023-10-01 00:09:05 +02:00
pop3.el
puny.el
rcirc.el Use text-mode as default value for 'rcirc-multiline-major-mode' 2023-10-09 10:24:34 +02:00
rfc2104.el
sasl-cram.el
sasl-digest.el
sasl-ntlm.el
sasl-scram-rfc.el
sasl-scram-sha256.el
sasl.el
secrets.el
shr-color.el
shr.el Revert use of seq-count in shr-count 2023-09-04 21:28:33 +02:00
sieve-manage.el Don't use obsolete sleep-for argument 2023-10-21 12:26:36 +02:00
sieve-mode.el Inherit 'sieve-mode' faces from 'font-lock' 2023-09-04 21:37:56 -07:00
sieve.el
snmp-mode.el
soap-client.el ; Add missing GNU ELPA :core package statements 2023-10-01 00:09:05 +02:00
soap-inspect.el
socks.el Improve SOCKS error handling and support version 4a 2023-10-18 06:23:57 -07:00
telnet.el
tramp-adb.el Some minor Tramp changes 2023-08-27 10:38:31 +02:00
tramp-archive.el Sync with Tramp 2.6.2-pre 2023-08-05 18:07:58 +02:00
tramp-cache.el Some minor Tramp changes 2023-08-27 10:38:31 +02:00
tramp-cmds.el Fix tramp-revert-buffer-with-sudo 2023-10-17 11:41:12 +02:00
tramp-compat.el Tramp cleanup 2023-08-23 11:01:58 +02:00
tramp-container.el Make "toolbox" and "flatpak" multi-hop completion capable in Tramp 2023-09-17 12:13:14 +02:00
tramp-crypt.el Sync with Tramp 2.6.2-pre 2023-08-05 18:07:58 +02:00
tramp-ftp.el
tramp-fuse.el Sync with Tramp 2.6.2-pre 2023-08-05 18:07:58 +02:00
tramp-gvfs.el Merge from origin/emacs-29 2023-10-13 16:18:06 +02:00
tramp-integration.el Add more `tramp-suppress-trace' properties in Tramp 2023-08-01 20:24:44 +02:00
tramp-message.el Improve Tramp messages 2023-09-16 20:35:57 +02:00
tramp-rclone.el Sync with Tramp 2.6.2-pre 2023-08-05 18:07:58 +02:00
tramp-sh.el Merge from origin/emacs-29 2023-10-13 16:18:06 +02:00
tramp-smb.el Merge from origin/emacs-29 2023-10-13 16:18:06 +02:00
tramp-sshfs.el Merge from origin/emacs-29 2023-09-30 13:50:07 -04:00
tramp-sudoedit.el Merge from origin/emacs-29 2023-10-13 16:18:06 +02:00
tramp-uu.el
tramp.el Merge from origin/emacs-29 2023-10-13 16:18:06 +02:00
trampver.el Adapt Tramp version 2023-10-19 16:39:01 +02:00
webjump.el
zeroconf.el