* lisp/net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.

7befee11 · Lars Magne Ingebrigtsen · ad67503f · 7befee11 · 7befee11
Commit 7befee11 authored Dec 08, 2014 by Lars Magne Ingebrigtsen
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

lisp/ChangeLog lisp/ChangeLog +4 -0

lisp/net/nsm.el lisp/net/nsm.el +13 -2

No files found.
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
+2014-12-08  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+	* net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.
+
 2014-12-08  Stefan Monnier  <monnier@iro.umontreal.ca>

 	* progmodes/gud.el (gud-gdb-completions): Remove unused var `start'.

--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -177,7 +177,11 @@ unencrypted."
 	  process))))))

 (defun nsm-check-protocol (process host port status settings)
-  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)))
+  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits))
+	(encryption (format "%s-%s-%s"
+			    (plist-get status :key-exchange)
+			    (plist-get status :cipher)
+			    (plist-get status :mac))))
    (cond
     ((and prime-bits
 	   (< prime-bits 1024)
@@ -186,10 +190,17 @@ unencrypted."
 	   (not
 	    (nsm-query
 	     host port status :diffie-hellman-prime-bits
-	     "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considerer safe (%s)."
+	     "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)."
 	     prime-bits host port 1024)))
      (delete-process process)
      nil)
+     ((and (string-match "\\bRC4\\b" encryption)
+	   (not (memq :rc4 (plist-get settings :conditions)))
+	   (not
+	    (nsm-query
+	     host port status :rc4
+	     "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe."
+	     host port encryption))))
     (t
      process))))