From: Stefan Kangas Date: Tue, 24 Oct 2023 14:20:42 +0000 (+0200) Subject: Warn about 3DES when network-security-level is medium X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=dbcaaf375f285a42ff1a81c313a454264374cbdb;p=emacs.git Warn about 3DES when network-security-level is medium * lisp/net/nsm.el (network-security-protocol-checks): Bump deprecated and insecure '3des-cipher' to 'medium'. * doc/emacs/misc.texi (Network Security): Document the above change. Ref: https://nvd.nist.gov/vuln/detail/CVE-2016-2183 --- diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi index a05b7f6c6ea..d7168fa1ca0 100644 --- a/doc/emacs/misc.texi +++ b/doc/emacs/misc.texi @@ -399,18 +399,18 @@ vulnerable to a variety of attacks, and you may want to avoid using these if what you're doing requires higher security. (This is the @code{ssl} check in @code{network-security-protocol-checks}). +@item Triple DES (or @acronym{3DES}) cipher +The @acronym{3DES} stream cipher provides at most 112 bits of +effective security, and a major security vulnerability in it was +disclosed in 2016 (CVE-2016-2183). It has been deprecated by NIST in +all applications from late 2023 onwards. (This is the +@code{3des-cipher} check in @code{network-security-protocol-checks}). @end table If @code{network-security-level} is @code{high}, the following checks will be made, in addition to the above: @table @asis -@item @acronym{3DES} cipher -The @acronym{3DES} stream cipher provides at most 112 bits of -effective security, which is considered to be towards the low end. -(This is the @code{3des} check in -@code{network-security-protocol-checks}). - @item a validated certificate changes the public key Servers change their keys occasionally, and that is normally nothing to be concerned about. However, if you are worried that your network diff --git a/etc/NEWS b/etc/NEWS index 8becfae7bb9..9268575c246 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -62,6 +62,12 @@ more details. ** Emacs now supports Unicode Standard version 15.1. +** The Network Security Manager now warns about 3DES by default. +This cypher is no longer recommended owing to a major vulnerability +disclosed in 2016, and its small 112 bit key size. Emacs now warns +about its use also when 'network-security-level' is set to 'medium' +(the default). See 'network-security-protocol-checks'. + ** Help *** 'describe-function' shows function inferred type when available. diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 8558a1fd5d1..478a2998830 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el @@ -149,10 +149,11 @@ unencrypted." (dhe-prime-kx medium) (sha1-sig medium) (ecdsa-cbc-cipher medium) + ;; Deprecated by NIST from 2016/2023 (see also CVE-2016-2183). + (3des-cipher medium) ;; Towards TLS 1.3 (dhe-kx high) (rsa-kx high) - (3des-cipher high) (cbc-cipher high)) "This variable specifies what TLS connection checks to perform. It's an alist where the key is the name of the check, and the @@ -169,13 +170,13 @@ otherwise. See also: `nsm-check-tls-connection', `nsm-save-host-names', `nsm-settings-file'" - :version "27.1" :type '(repeat (list (symbol :tag "Check function") (choice :tag "Level" :value medium (const :tag "Low" low) (const :tag "Medium" medium) - (const :tag "High" high))))) + (const :tag "High" high)))) + :version "30.1") (defun nsm-save-fingerprint-maybe (host port status &rest _) "Save the certificate's fingerprint.