about its use also when 'network-security-level' is set to 'medium'
(the default). See 'network-security-protocol-checks'.
+** The Network Security Manager now warns about <2048 bits in DH key exchange.
+Emacs used to warn for Diffie-Hellman key exchanges with prime numbers
+smaller than 1024 bits. Since more servers now support it, this
+number has been bumped to 2048 bits.
+
** Help
*** 'describe-function' shows function inferred type when available.
connections to insecure 512-bit export grade cryptography.
The Logjam paper suggests using 1024-bit prime on the client to
-mitigate some effects of this attack, and upgrade to 2048-bit as
-soon as server configurations allow. According to SSLLabs' SSL
-Pulse tracker, only about 75% of server support 2048-bit key
-exchange in June 2018[2]. To provide a balance between
-compatibility and security, this function only checks for a
-minimum key strength of 1024-bit.
+mitigate some effects of this attack, and upgrading to 2048-bit
+as soon as server configurations allow. According to SSLLabs'
+SSL Pulse tracker the overwhelming majority of servers support
+2048-bit key exchange in October 2023[2]. This function
+therefore checks for a minimum key strength of 2048 bits.
See also: `nsm-protocol-check--dhe-kx'
`https://www.ssllabs.com/ssl-pulse/'"
(let ((prime-bits (plist-get status :diffie-hellman-prime-bits)))
(if (and (string-match "^\\bDHE\\b" (plist-get status :key-exchange))
- (< prime-bits 1024))
+ (< prime-bits 2048))
(format-message
"Diffie-Hellman key strength (%s bits) too weak (%s bits)"
- prime-bits 1024))))
+ prime-bits 2048))))
(defun nsm-protocol-check--dhe-kx (_host _port status &optional _settings)
"Check for existence of DH key exchange based on integer factorization.