Warn about 3DES when network-security-level is medium

* lisp/net/nsm.el (network-security-protocol-checks): Bump
deprecated and insecure '3des-cipher' to 'medium'.
* doc/emacs/misc.texi (Network Security): Document the above change.
Ref: https://nvd.nist.gov/vuln/detail/CVE-2016-2183

3 files changed, 16 insertions, 9 deletions

diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index a05b7f6c6ea..d7168fa1ca0 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -399,18 +399,18 @@ vulnerable to a variety of attacks, and you may want to avoid using
 these if what you're doing requires higher security.  (This is the
 @code{ssl} check in @code{network-security-protocol-checks}).
 
+@item Triple DES (or @acronym{3DES}) cipher
+The @acronym{3DES} stream cipher provides at most 112 bits of
+effective security, and a major security vulnerability in it was
+disclosed in 2016 (CVE-2016-2183).  It has been deprecated by NIST in
+all applications from late 2023 onwards.  (This is the
+@code{3des-cipher} check in @code{network-security-protocol-checks}).
 @end table
 
 If @code{network-security-level} is @code{high}, the following checks
 will be made, in addition to the above:
 
 @table @asis
-@item @acronym{3DES} cipher
-The @acronym{3DES} stream cipher provides at most 112 bits of
-effective security, which is considered to be towards the low end.
-(This is the @code{3des} check in
-@code{network-security-protocol-checks}).
-
 @item a validated certificate changes the public key
 Servers change their keys occasionally, and that is normally nothing
 to be concerned about.  However, if you are worried that your network
diff --git a/etc/NEWS b/etc/NEWS
index 8becfae7bb9..9268575c246 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -62,6 +62,12 @@ more details.
 
 ** Emacs now supports Unicode Standard version 15.1.
 
+** The Network Security Manager now warns about 3DES by default.
+This cypher is no longer recommended owing to a major vulnerability
+disclosed in 2016, and its small 112 bit key size.  Emacs now warns
+about its use also when 'network-security-level' is set to 'medium'
+(the default).  See 'network-security-protocol-checks'.
+
 ** Help
 
 *** 'describe-function' shows function inferred type when available.
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 8558a1fd5d1..478a2998830 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -149,10 +149,11 @@ unencrypted."
     (dhe-prime-kx           medium)
     (sha1-sig               medium)
     (ecdsa-cbc-cipher       medium)
+    ;; Deprecated by NIST from 2016/2023 (see also CVE-2016-2183).
+    (3des-cipher            medium)
     ;; Towards TLS 1.3
     (dhe-kx                 high)
     (rsa-kx                 high)
-    (3des-cipher            high)
     (cbc-cipher             high))
   "This variable specifies what TLS connection checks to perform.
 It's an alist where the key is the name of the check, and the
@@ -169,13 +170,13 @@ otherwise.
 
 See also: `nsm-check-tls-connection', `nsm-save-host-names',
 `nsm-settings-file'"
-  :version "27.1"
   :type '(repeat (list (symbol :tag "Check function")
                        (choice :tag "Level"
                                :value medium
                                (const :tag "Low" low)
                                (const :tag "Medium" medium)
-                               (const :tag "High" high)))))
+                               (const :tag "High" high))))
+  :version "30.1")
 
 (defun nsm-save-fingerprint-maybe (host port status &rest _)
   "Save the certificate's fingerprint.