* lisp/net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.

2 files changed, 17 insertions, 2 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 62a603b6790..696a42b6b1c 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,7 @@
+2014-12-08  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+        * net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.
+
 2014-12-08  Stefan Monnier  <monnier@iro.umontreal.ca>
 
         * progmodes/gud.el (gud-gdb-completions): Remove unused var `start'.
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 659f96922c5..16e07ff088c 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -177,7 +177,11 @@ unencrypted."
           process))))))
 
 (defun nsm-check-protocol (process host port status settings)
-  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)))
+  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits))
+        (encryption (format "%s-%s-%s"
+                            (plist-get status :key-exchange)
+                            (plist-get status :cipher)
+                            (plist-get status :mac))))
     (cond
      ((and prime-bits
            (< prime-bits 1024)
@@ -186,10 +190,17 @@ unencrypted."
            (not
             (nsm-query
              host port status :diffie-hellman-prime-bits
-             "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considerer safe (%s)."
+             "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)."
              prime-bits host port 1024)))
       (delete-process process)
       nil)
+     ((and (string-match "\\bRC4\\b" encryption)
+           (not (memq :rc4 (plist-get settings :conditions)))
+           (not
+            (nsm-query
+             host port status :rc4
+             "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe."
+             host port encryption))))
      (t
       process))))