Bug 1331446

Summary: Emacs lowers security level of the SSL connection to the MELPA packages repository
Product: Red Hat Enterprise Linux 7
Reporter: Matěj Cepl <mcepl>
Component: emacs
Assignee: Jan Synacek <jsynacek>
Status: CLOSED NEXTRELEASE
QA Contact: qe-baseos-daemons
Version: 7.3
CC: fsumsal, nmavrogi, tmraz
Target Milestone: rc
Fixed In Version: emacs-24.3-22.el7
Doc Type: Bug Fix
Type: Bug
Last Closed: 2018-09-12 11:05:57 UTC

Attachments:
screenshot of the (IMHO) correct connection in Firefox (flags: none)

Description Matěj Cepl 2016-04-28 14:20:49 UTC
Created attachment 1151933 [details]
screenshot of the (IMHO) correct connection in Firefox

Description of problem:
When connecting with emacs to https://melpa.org/packages/ (most common repository of Emacs third-party packages) I get the error message:

    gnutls.c: [1] Note that the security level of the Diffie-Hellman key
    exchange has been lowered to 256 bits and this may allow decryption
    of  the session data

That sounds like a very bad idea to me.

Version-Release number of selected component (if applicable):
emacs-24.3-18.el7.x86_64
gnutls-3.3.22-1.el7.x86_64

How reproducible:
100% (2 out of 2)

Steps to Reproduce:
1. Follow http://melpa.org/#/getting-started and add to ~/.emacs:

(require 'package)
(add-to-list 'package-archives
             '("melpa" . "https://melpa.org/packages/"))
(package-initialize)

2. Restart Emacs
3. Meta-[X]package-list-packages[ENTER]

Actual results:
The error log shows the error message quoted above; however, Emacs then
connects and the list of packages shows up.

Expected results:
Firefox on the same URL is pretty happy with the connection settings
shown in the attached screenshot and it seems to be happy.

Additional info:

Comment 1 Jan Synacek 2016-05-10 06:57:57 UTC
Melpa seems to advertise DH keys with more than 256 (Emacs default) prime number bits. The following makes the connection work without warnings:

(setq gnutls-min-prime-bits 1024)

I'm not sure if this is something to "fix", though. Even with the latest Emacs (25.0.93), the option is still set to 256 by default. I would suggest putting the workaround above into a KB article and close this bug.

Comment 2 Nikos Mavrogiannopoulos 2016-05-10 07:55:48 UTC
This is not about getting rid of a warning. A low value such as 256 bits by default puts users at risk. We are in the process of harmonizing the crypto rules across the distribution and having each software apply its own (and in that case also insecure) default settings is against that effort.

Comment 3 Tomas Mraz 2016-05-10 08:27:47 UTC
As Nikos said, there is no point in Emacs changing the value from the default at all. Or at least it should not change it without explicit configuration modification by the user.

Comment 4 Matěj Cepl 2016-05-10 11:28:46 UTC
@Jan Synacek: I think Tomáš is talking about https://fedoraproject.org/wiki/Changes/CryptoPolicy ... the point is that applications should not deal with the crypto policy at all, but rather should use (hopefully sensible) system defaults.
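The three positions taken above (the shipped default, the workaround from comment 1, and the "leave it to the library" stance of comments 2-4), written out as an added ~/.emacs fragment that is not part of the bug report or of Emacs itself; it assumes the `gnutls-min-prime-bits` semantics from gnutls.el, where nil means "use the default GnuTLS value", and the 1024-bit floor is the number quoted in comment 1, not a policy recommendation from this bug:

```elisp
;; Added example, not from the bug or from Emacs's own sources.
(require 'gnutls)

;; Weak: the value Emacs 24.3 ships with.  gnutls-negotiate hands it to the
;; GnuTLS library as the minimum Diffie-Hellman prime size, which is what
;; produces the "security level ... lowered to 256 bits" message in the
;; report.  Shown only for contrast; do not set this.
;; (setq gnutls-min-prime-bits 256)

;; Workaround from comment 1: reject any server prime shorter than 1024
;; bits.  Silences the message for melpa.org but still hard-codes a crypto
;; decision inside one application.
;; (setq gnutls-min-prime-bits 1024)

;; Preferred per comments 2-4: do not override the library at all.  nil
;; tells gnutls.el to skip the per-application minimum, so the GnuTLS
;; build (and therefore the distribution's crypto policy) decides what
;; prime size is acceptable.
(setq gnutls-min-prime-bits nil)

(defun my-gnutls-dh-setting-status ()
  "Classify the current `gnutls-min-prime-bits' value (hypothetical helper).
Returns `library-default' when Emacs defers to GnuTLS, `below-1024'
when an explicit floor under the comment-1 value is set, and
`explicit' otherwise."
  (cond ((null gnutls-min-prime-bits) 'library-default)
        ((< gnutls-min-prime-bits 1024) 'below-1024)
        (t 'explicit)))
```

Evaluating `(my-gnutls-dh-setting-status)` after loading this fragment returns `library-default`; with the shipped 24.3 value it returns `below-1024`.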

Comment 7 Jan Synacek 2018-09-12 11:05:57 UTC
Will be fixed together with bz#1403643.