Variable: network-security-protocol-checks

network-security-protocol-checks is a customizable variable defined in nsm.el.gz.

Value

((version medium)
 (compression medium)
 (renegotiation-info-ext medium)
 (verify-cert medium)
 (same-cert medium)
 (null-suite medium)
 (export-kx medium)
 (anon-kx medium)
 (md5-sig medium)
 (rc4-cipher medium)
 (dhe-prime-kx medium)
 (sha1-sig medium)
 (ecdsa-cbc-cipher medium)
 (dhe-kx high)
 (rsa-kx high)
 (3des-cipher high)
 (cbc-cipher high))

Documentation

This variable specifies what TLS connection checks to perform.

It's an alist where the key is the name of the check, and the value is the minimum security level at which the check begins to be performed.

Each check function is called with the parameters HOST PORT STATUS SETTINGS. HOST is the host domain, PORT is a TCP port number, STATUS is the peer status returned by gnutls-peer-status, and SETTINGS is the persistent and session settings for the host HOST. Please refer to the contents of nsm-settings-file for details. If a problem is found, the check function is required to return an error message, and nil otherwise.

See also: nsm-check-tls-connection, nsm-save-host-names, nsm-settings-file

This variable was added, or its default value changed, in Emacs 27.1.

Probably introduced at or before Emacs version 27.1.

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defcustom network-security-protocol-checks
  '(;; Old Known Weaknesses.
    (version                medium)
    (compression            medium)
    (renegotiation-info-ext medium)
    (verify-cert            medium)
    (same-cert              medium)
    (null-suite             medium)
    (export-kx              medium)
    (anon-kx                medium)
    (md5-sig                medium)
    (rc4-cipher             medium)
    ;; Weaknesses made known after 2013.
    (dhe-prime-kx           medium)
    (sha1-sig               medium)
    (ecdsa-cbc-cipher       medium)
    ;; Towards TLS 1.3
    (dhe-kx                 high)
    (rsa-kx                 high)
    (3des-cipher            high)
    (cbc-cipher             high))
  "This variable specifies what TLS connection checks to perform.
It's an alist where the key is the name of the check, and the
value is the minimum security level the check should begin.

Each check function is called with the parameters HOST PORT
STATUS SETTINGS.  HOST is the host domain, PORT is a TCP port
number, STATUS is the peer status returned by
`gnutls-peer-status', and SETTINGS is the persistent and session
settings for the host HOST.  Please refer to the contents of
`nsm-settings-file' for details.  If a problem is found, the check
function is required to return an error message, and nil
otherwise.

See also: `nsm-check-tls-connection', `nsm-save-host-names',
`nsm-settings-file'"
  :version "27.1"
  :type '(repeat (list (symbol :tag "Check function")
                       (choice :tag "Level"
                               :value medium
                               (const :tag "Low" low)
                               (const :tag "Medium" medium)
                               (const :tag "High" high)))))
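
An added example (not part of nsm.el or of this page) of a check function that follows the HOST PORT STATUS SETTINGS contract described above, registered in the alist at level high, plus a helper that lists which checks apply at a given level. It assumes that nsm.el resolves an alist key NAME to the function nsm-protocol-check--NAME and that STATUS carries a :protocol string; tls13-only and my-nsm-checks-at are hypothetical names, and the status plists are constructed samples.

```elisp
;;; Added example, not part of nsm.el.  -*- lexical-binding: t -*-
(require 'nsm)

;; ASSUMPTION: nsm.el resolves an alist key NAME to the function
;; `nsm-protocol-check--NAME'.  `tls13-only' is a hypothetical check name.
(defun nsm-protocol-check--tls13-only (host _port status &optional _settings)
  "Return an error message unless HOST negotiated TLS 1.3, else nil.
STATUS is a plist as returned by `gnutls-peer-status'."
  (let ((protocol (plist-get status :protocol)))
    (when (and protocol
               (not (string-match-p "\\`TLS ?1\\.3" protocol)))
      (format "%s negotiated %s, but TLS 1.3 is required" host protocol))))

;; Run the new check only when `network-security-level' is `high' or above.
(add-to-list 'network-security-protocol-checks '(tls13-only high) t)

(defun my-nsm-checks-at (level)
  "Return the names of checks that run when `network-security-level' is LEVEL.
An entry (NAME MINIMUM) applies once LEVEL is at or above MINIMUM."
  (let ((rank (lambda (l)
                ;; Any level not listed here (e.g. `paranoid') ranks highest.
                (or (cdr (assq l '((low . 0) (medium . 1) (high . 2))))
                    3))))
    (delq nil
          (mapcar (lambda (entry)
                    (and (>= (funcall rank level)
                             (funcall rank (cadr entry)))
                         (car entry)))
                  network-security-protocol-checks))))

;; Constructed sample input: only the :protocol key of a peer status.
(let ((old '(:protocol "TLS1.2"))
      (new '(:protocol "TLS1.3")))
  (list
   ;; Error message string: the TLS 1.2 session fails the check.
   (nsm-protocol-check--tls13-only "example.org" 443 old nil)
   ;; nil: the TLS 1.3 session passes.
   (nsm-protocol-check--tls13-only "example.org" 443 new nil)
   ;; nil: the check is skipped at the `medium' level.
   (memq 'tls13-only (my-nsm-checks-at 'medium))
   ;; t: the check applies once the level is `high'.
   (and (memq 'tls13-only (my-nsm-checks-at 'high)) t)))
```

With the default alist shown above, my-nsm-checks-at also makes visible that dhe-kx, rsa-kx, 3des-cipher and cbc-cipher are skipped at level medium and only apply from high upward.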