From: Lars Magne Ingebrigtsen Date: Mon, 8 Dec 2014 21:23:41 +0000 (+0100) Subject: * lisp/net/nsm.el (nsm-check-protocol): Test for RC4 on `high'. X-Git-Tag: emacs-25.0.90~2635^2~148 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=7befee11a8f114c43614ad20c3d470e202deb8dc;p=emacs.git * lisp/net/nsm.el (nsm-check-protocol): Test for RC4 on `high'. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 62a603b6790..696a42b6b1c 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,7 @@ +2014-12-08 Lars Magne Ingebrigtsen + + * net/nsm.el (nsm-check-protocol): Test for RC4 on `high'. + 2014-12-08 Stefan Monnier * progmodes/gud.el (gud-gdb-completions): Remove unused var `start'. diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 659f96922c5..16e07ff088c 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el @@ -177,7 +177,11 @@ unencrypted." process)))))) (defun nsm-check-protocol (process host port status settings) - (let ((prime-bits (plist-get status :diffie-hellman-prime-bits))) + (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)) + (encryption (format "%s-%s-%s" + (plist-get status :key-exchange) + (plist-get status :cipher) + (plist-get status :mac)))) (cond ((and prime-bits (< prime-bits 1024) @@ -186,10 +190,17 @@ unencrypted." (not (nsm-query host port status :diffie-hellman-prime-bits - "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considerer safe (%s)." + "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)." prime-bits host port 1024))) (delete-process process) nil) + ((and (string-match "\\bRC4\\b" encryption) + (not (memq :rc4 (plist-get settings :conditions))) + (not + (nsm-query + host port status :rc4 + "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe." + host port encryption)))) (t process))))
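Review bot: The new RC4 `cond` clause in the second nsm.el hunk has no body, so when the user declines the `nsm-query` prompt the clause evaluates to its test, `t`, and the process is left alive, whereas the Diffie-Hellman clause just above it ends with `(delete-process process)` and `nil`. A caller that treats any non-nil return as an accepted connection would presumably carry on with the RC4 session the user just rejected, so the refusal fails open. Close the test after `host port encryption)))` and give the clause the body `(delete-process process)` and `nil)`, mirroring the clause above. Separately, the `\\bRC4\\b` match depends on how the TLS library spells the cipher in `:cipher`; GnuTLS's own name for it is `ARCFOUR-128`, so the regexp may never match and should be checked against a real RC4 connection. The function begins in the previous hunk, and part of the Diffie-Hellman clause lies between the two hunks, outside the visible lines.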