Make NSM warn if DH key exchange has less than 2048 bit primes
The previous default was to warn when servers supported only 1024 bit
primes in Diffie-Hellman key exchanges. This highly conservative
number was based on the observation that, in November 2018, no less
than 12.7% of servers still only supported 1024 bit primes (less than
0.1% supported only 768 and 512 bits).
Five years later, in October 2023, only 3.7 % of servers remain with
only 1024 bit support. SSL Labs summarizes: "At this time, 2048 bits
is the minimum expected strength." Therefore, it is reasonable to
start warning users about this in Emacs 30.1, at which time even fewer
servers with such poor capabilities will remain.
Note that key exchanges based on 1024 bit prime number were considered
broken for security purposes already in 2015 (see Logjam below).
For more information:
https://www.ssllabs.com/ssl-pulse/
https://en.wikipedia.org/wiki/Logjam_(computer_security)
* lisp/net/nsm.el (nsm-protocol-check--dhe-prime-kx): Bump expected
minimum number of prime bits to 2048.