[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master 95becaa 2/2: Don't check for :safe-renegotiation wi
From: |
Robert Pluim |
Subject: |
[Emacs-diffs] master 95becaa 2/2: Don't check for :safe-renegotiation with TLS1.3 |
Date: |
Wed, 4 Sep 2019 17:53:30 -0400 (EDT) |
branch: master
commit 95becaaf3b65d6227a41f4cb3f0f114bcfbe5562
Author: Robert Pluim <address@hidden>
Commit: Robert Pluim <address@hidden>
Don't check for :safe-renegotiation with TLS1.3
* lisp/net/nsm.el (nsm-protocol-check--renegotiation-info-ext): Don't
check when using TLS1.3, renegotiation has been removed from TLS.
Reported in
<https://lists.gnu.org/archive/html/help-gnu-emacs/2019-09/msg00005.html>
---
lisp/net/nsm.el | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 8750c19..2121fde 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -665,17 +665,19 @@ the MD5 Message-Digest and the HMAC-MD5 Algorithms\",
If this TLS extension is not used, the connection established is
vulnerable to an attack in which an impersonator can extract
sensitive information such as HTTP session ID cookies or login
-passwords.
+passwords. Renegotiation was removed in TLS1.3, so this is only
+checked for earlier protocol versions.
Reference:
E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010). \"Transport
Layer Security (TLS) Renegotiation Indication Extension\",
`https://tools.ietf.org/html/rfc5746'"
- (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
- (and unsafe-renegotiation
- (format-message
- "safe renegotiation is not supported, connection not protected from
impersonators"))))
+ (when (plist-member status :safe-renegotiation)
+ (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
+ (and unsafe-renegotiation
+ (format-message
+ "safe renegotiation is not supported, connection not protected
from impersonators")))))
;; Compression checks