| author | Lars Ingebrigtsen | 2018-06-24 22:57:27 +0200 |
|---|---|---|
| committer | Lars Ingebrigtsen | 2018-06-24 22:57:27 +0200 |
| commit | 5a285a4db97d88cfd7a2320e33542a0afe695665 (patch) | |
| tree | 11de5284a3d79f070db4ab797b995ae74a737448 | |
| parent | fea8c7d181babe6de7daedfef07b291f8dda2322 (diff) | |
Make more TLS checks trigger on the default `medium' level
* doc/emacs/misc.texi (Network Security): Update the doc to say
what's on the different levels.
* lisp/net/nsm.el (nsm-protocol-check--intermediary-sha1): Check
intermediary certificates for SHA1.
(nsm-protocol-check--3des): Check for 3DES ciphers.
(network-security-protocol-checks): Put most of the checks on
`medium'.
| -rw-r--r-- | doc/emacs/misc.texi | 37 | ||||
| -rw-r--r-- | etc/NEWS | 4 | ||||
| -rw-r--r-- | lisp/net/nsm.el | 32 |
3 files changed, 56 insertions, 17 deletions
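--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -352,19 +352,6 @@ over these connections. Similarly, if you're sending email via
 connection to be encrypted. If the connection isn't encrypted,
 @acronym{NSM} will warn you.
 
-@end table
-
-If @code{network-security-level} is @code{high}, the following checks
-will be made, in addition to the above:
-
-@table @asis
-@item a validated certificate changes the public key
-Servers change their keys occasionally, and that is normally nothing
-to be concerned about. However, if you are worried that your network
-connections are being hijacked by agencies who have access to pliable
-Certificate Authorities which issue new certificates for third-party
-services, you may want to keep track of these changes.
-
 @item Diffie-Hellman low prime bits
 When doing the public key exchange, the number of prime bits
 should be high to ensure that the channel can't be eavesdropped on by
@@ -374,10 +361,34 @@ third parties. If this number is too low, you will be warned.
 The @acronym{RC4} stream cipher is believed to be of low quality and
 may allow eavesdropping by third parties.
 
+@item @acronym{SHA1} in the host certificate or in intermediary certificates
+It is believed that if an intermediary certificate uses
+the @acronym{SHA1} hashing algorithm, then third parties can issue
+certificates pretending to be that issuing instance. These
+connections are therefore vulnerable to man-in-the-middle attacks.
+
 @item @acronym{SSL1}, @acronym{SSL2} and @acronym{SSL3}
 The protocols older than @acronym{TLS1.0} are believed to be
 vulnerable to a variety of attacks, and you may want to avoid using
 these if what you're doing requires higher security.
+
+@end table
+
+If @code{network-security-level} is @code{high}, the following checks
+will be made, in addition to the above:
+
+@table @asis
+@item @acronym{3DES} cipther
+The @acronym{RC4} stream cipher is believed by some to be of low
+quality and may allow eavesdropping by third parties.
+
+@item a validated certificate changes the public key
+Servers change their keys occasionally, and that is normally nothing
+to be concerned about. However, if you are worried that your network
+connections are being hijacked by agencies who have access to pliable
+Certificate Authorities which issue new certificates for third-party
+services, you may want to keep track of these changes.
+
 @end table
 
 Finally, if @code{network-security-level} is @code{paranoid}, you will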
| @@ -136,6 +136,10 @@ of what checks to run via the `network-security-protocol-checks' | |||
| 136 | variable. | 136 | variable. |
| 137 | 137 | ||
| 138 | +++ | 138 | +++ |
| 139 | ** Most of the checks for outdated, believed-to-be-weak TLS algorithms | ||
| 140 | and ciphers are now switched on by default. | ||
| 141 | |||
| 142 | +++ | ||
| 139 | ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. | 143 | ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. |
| 140 | It blocks line breaking after a one-letter word, also in the case when | 144 | It blocks line breaking after a one-letter word, also in the case when |
| 141 | this word is preceded by a non-space, but non-alphanumeric character. | 145 | this word is preceded by a non-space, but non-alphanumeric character. |
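--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -182,10 +182,12 @@ unencrypted."
 process))))))
 
 (defvar network-security-protocol-checks
-'((diffie-hellman-prime-bits high 1024)
-(rc4 high)
-(signature-sha1 high)
-(ssl high))
+'((diffie-hellman-prime-bits medium 1024)
+(rc4 medium)
+(signature-sha1 medium)
+(intermediary-sha1 medium)
+(3des high)
+(ssl medium))
 "This variable specifies what TLS connection checks to perform.
 It's an alist where the first element is the name of the check,
 the second is the security level where the check kicks in, and the
@@ -230,6 +232,13 @@ HOST PORT STATUS OPTIONAL-PARAMETER.")
 "The Diffie-Hellman prime bits (%s) used for this connection to %s:%s is less than what is considered safe (%s)."
 prime-bits host port bits))))
 
+(defun nsm-protocol-check--3des (host port status _)
+(or (not (string-match "\\b3DES\\b" (plist-get status :cipher)))
+(nsm-query
+host port status :rc4
+"The connection to %s:%s uses the 3DES cipher (%s), which is believed to be unsafe."
+host port (plist-get status :cipher))))
+
 (defun nsm-protocol-check--rc4 (host port status _)
 (or (not (string-match "\\bRC4\\b" (nsm--encryption status)))
 (nsm-query
@@ -246,6 +255,21 @@ HOST PORT STATUS OPTIONAL-PARAMETER.")
 "The certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
 host port signature-algorithm))))
 
+(defun nsm-protocol-check--intermediary-sha1 (host port status _)
+;; We want to check all intermediary certificates, so we skip the
+;; first, reverse the list and then skip the first again, so we miss
+;; the first and final certificates in the chain.
+(cl-loop for certificate in (cdr (reverse
+(cdr (plist-get status :certificates))))
+for algo = (plist-get certificate :signature-algorithm)
+when (and (string-match "\\bSHA1\\b" algo)
+(not (nsm-query
+host port status :signature-sha1
+"An intermediary certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
+host port algo)))
+do (cl-return nil)
+finally (cl-return t)))
+
 (defun nsm-protocol-check--ssl (host port status _)
 (let ((protocol (plist-get status :protocol)))
 (or (not protocol)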
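Review bot: The new `nsm-protocol-check--3des` passes `:rc4` as the condition key to `nsm-query` (new line 238), which looks copied from the RC4 check; if that key is what gets recorded when the user accepts a warning, a stored RC4 exception for a host would also cover 3DES and vice versa, so it should be `host port status :3des`. `nsm-protocol-check--intermediary-sha1` reuses `:signature-sha1` in the same way, and its double `cdr` drops the last entry of `:certificates` on the assumption that it is the root, which would leave the topmost intermediate unchecked whenever the server does not send the root. Both new checks call `string-match` directly on a `plist-get` result, so a missing `:cipher` or `:signature-algorithm` would signal an error instead of passing or warning; a guard like the `(not protocol)` test in `nsm-protocol-check--ssl` would avoid that. `nsm-query` is not shown on this page, so the effect of the key is inferred from how the sibling checks use it. The misc.texi entry for 3DES has the matching copy-paste: it is headed "3DES cipther" but its text describes RC4.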