X-Git-Url: https://code.delx.au/gnu-emacs/blobdiff_plain/699c782b7668c44d0fa4446331b0590a6d5dac82..e233e1000e6982f37c196dbd6b0f654ba61ffa08:/lisp/net/gnutls.el
diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 1bc319c796..243c64ec45 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -1,6 +1,6 @@
 ;;; gnutls.el --- Support SSL/TLS connections through GnuTLS
-;; Copyright (C) 2010-2012 Free Software Foundation, Inc.
+;; Copyright (C) 2010-2013 Free Software Foundation, Inc.
 ;; Author: Ted Zlatanov
 ;; Keywords: comm, tls, ssl, encryption
@@ -35,7 +35,7 @@
 ;;; Code:
-(eval-when-compile (require 'cl))
+(eval-when-compile (require 'cl-lib))
 (defgroup gnutls nil
 "Emacs interface to the GnuTLS library."
@@ -66,14 +66,16 @@ The files may not exist, in which case they will be ignored."
 (repeat (file :tag "Bundle filename"))))
 ;;;###autoload
-(defcustom gnutls-min-prime-bits nil
- "The minimum number of bits to be used in Diffie-Hellman key exchange.
-
-This sets the minimum accepted size of the key to be used in a
-client-server handshake. If the server sends a prime with fewer than
-the specified number of bits the handshake will fail.
-
-A value of nil says to use the default gnutls value."
+(defcustom gnutls-min-prime-bits 256
+ ;; Several mail servers send fewer bits than the GnuTLS default.
+ ;; Currently, 256 appears to be a reasonable choice (Bug#11267).
+ "Minimum number of prime bits accepted by GnuTLS for key exchange.
+During a Diffie-Hellman handshake, if the server sends a prime
+number with fewer than this number of bits, the handshake is
+rejected. \(The smaller the prime number, the less secure the
+key exchange is against man-in-the-middle attacks.)
+
+A value of nil says to use the default GnuTLS value."
 :type '(choice (const :tag "Use default value" nil)
 (integer :tag "Number of bits" 512))
 :group 'gnutls)
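Review bot: The new default of 256 in `gnutls-min-prime-bits` lowers the accepted Diffie-Hellman prime size below the GnuTLS default for every connection made through this library, not only for the mail servers named in the comment, and a prime that small gives little protection because its discrete logarithm is within practical reach. Since `gnutls-negotiate` already takes a `:min-prime-bits` keyword, the relaxed value could be passed by the callers that need it while the global default stays at nil. If the global default is kept, the docstring should say so plainly, e.g. `This default is lower than the GnuTLS default and was chosen for compatibility with some servers; set it to nil or a larger value to require stronger parameters.` The parenthetical also understates the risk, because a weak prime exposes the session to passive decryption as well as to man-in-the-middle attacks. The unchanged `:type` line still offers 512 as the integer value, which no longer matches the default.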
@@ -118,7 +120,7 @@ trust and key files, and priority string."
 (declare-function gnutls-boot "gnutls.c" (proc type proplist))
 (declare-function gnutls-errorp "gnutls.c" (error))
-(defun* gnutls-negotiate
+(cl-defun gnutls-negotiate
 (&rest spec
 &key process type hostname priority-string
 trustfiles crlfiles keylist min-prime-bits