diff options
author | Lars Magne Ingebrigtsen <larsi@gnus.org> | 2014-12-08 22:23:41 +0100 |
---|---|---|
committer | Lars Magne Ingebrigtsen <larsi@gnus.org> | 2014-12-08 22:23:51 +0100 |
commit | 7befee11a8f114c43614ad20c3d470e202deb8dc (patch) | |
tree | 6587b2284bb3312af9b125adcdd88c52509fb1cd /lisp/net/nsm.el | |
parent | ad67503f50b8d2c443e63cb16863b39ad8345567 (diff) | |
download | emacs-7befee11a8f114c43614ad20c3d470e202deb8dc.tar.gz |
* lisp/net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.
Diffstat (limited to 'lisp/net/nsm.el')
-rw-r--r-- | lisp/net/nsm.el | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 659f96922c5..16e07ff088c 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el @@ -177,7 +177,11 @@ unencrypted." process)))))) (defun nsm-check-protocol (process host port status settings) - (let ((prime-bits (plist-get status :diffie-hellman-prime-bits))) + (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)) + (encryption (format "%s-%s-%s" + (plist-get status :key-exchange) + (plist-get status :cipher) + (plist-get status :mac)))) (cond ((and prime-bits (< prime-bits 1024) @@ -186,10 +190,17 @@ unencrypted." (not (nsm-query host port status :diffie-hellman-prime-bits - "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considerer safe (%s)." + "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)." prime-bits host port 1024))) (delete-process process) nil) + ((and (string-match "\\bRC4\\b" encryption) + (not (memq :rc4 (plist-get settings :conditions))) + (not + (nsm-query + host port status :rc4 + "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe." + host port encryption)))) (t process)))) |