The @acronym{RC4} stream cipher is believed to be of low quality and
may allow eavesdropping by third parties.
-@item @acronym{SHA1} in the host certificate or in intermediary certificates
-It is believed that if an intermediary certificate uses
+@item @acronym{SHA1} in the host certificate or in intermediate certificates
+It is believed that if an intermediate certificate uses
the @acronym{SHA1} hashing algorithm, then third parties can issue
certificates pretending to be that issuing instance. These
connections are therefore vulnerable to man-in-the-middle attacks.
'((diffie-hellman-prime-bits medium 1024)
(rc4 medium)
(signature-sha1 medium)
- (intermediary-sha1 medium)
+ (intermediate-sha1 medium)
(3des high)
(ssl medium))
"This variable specifies what TLS connection checks to perform.
"The certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
host port signature-algorithm))))
-(defun nsm-protocol-check--intermediary-sha1 (host port status _)
+(defun nsm-protocol-check--intermediate-sha1 (host port status _)
;; Skip the first certificate, because that's the host certificate.
(cl-loop for certificate in (cdr (plist-get status :certificates))
for algo = (plist-get certificate :signature-algorithm)
(string-match "\\bSHA1\\b" algo)
(not (nsm-query
host port status :signature-sha1
- "An intermediary certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
+ "An intermediate certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
host port algo)))
do (cl-return nil)
finally (cl-return t)))
projects / emacs.git / commitdiff