search

vermiculus / sx.el

Stack Exchange for Emacs
http://stackapps.com/q/3950
709 stars 40 forks source link

Security level lowered to 256 bits #283

Open rickardnorlander opened 9 years ago

rickardnorlander commented 9 years ago

Do: sx-tab-all-questions Happens: Emacs displays a warning that security level of diffie-hellman has been lowered to 256 bits, and that session data may be decrypted.

I don't really know what it means but it sounds bad.

vermiculus commented 9 years ago

I'm not sure how to reproduce this issue, but I'll research it. Any additional information you can give me (logs, traces, etc.) would be very helpful :)

Here's what shows up in my *Messages* buffer when I M-x sx-tab-all-questions:

Contacting host: api.stackexchange.com:443
Opening TLS connection to `api.stackexchange.com'...
Opening TLS connection with `gnutls-cli --insecure -p 443 api.stackexchange.com'...done
Opening TLS connection to `api.stackexchange.com'...done
[sx] Done.

Running on OSX 10.10.2 with GNU Emacs 24.5.

vermiculus commented 9 years ago

Did a quickie and found this:

gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
has been lowered to 256 bits and this may allow decryption of the session data

If you’re getting this warning, add the following to your init file:

(setq gnutls-min-prime-bits 1024)

There’s an explanation on the mailing list.

Does that help at all?