Function: nsm-protocol-check--version
nsm-protocol-check--version is a byte-compiled function defined in
nsm.el.gz.
Signature
(nsm-protocol-check--version HOST PORT STATUS &optional SETTINGS)
Documentation
Check for SSL/TLS protocol version.
This function guards against the usage of SSL3.0, which has been deprecated by RFC7568[1], and TLS 1.0, which has been deprecated by PCI DSS[2].
References:
[1]: Barnes, Thomson, Pironti, Langley (2015). "Deprecating Secure
Sockets Layer Version 3.0", https://tools.ietf.org/html/rfc7568
[2]: PCI Security Standards Council (2016). "Migrating from SSL and
Early TLS"
https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf
Source Code
;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
;; Protocol version checks
(defun nsm-protocol-check--version (_host _port status &optional _settings)
  "Check for SSL/TLS protocol version.
This function guards against the usage of SSL3.0, which has been
deprecated by RFC7568[1], and TLS 1.0, which has been deprecated
by PCI DSS[2].
References:
[1]: Barnes, Thomson, Pironti, Langley (2015). \"Deprecating Secure
Sockets Layer Version 3.0\", `https://tools.ietf.org/html/rfc7568'
[2]: PCI Security Standards Council (2016). \"Migrating from SSL and
Early TLS\"
`https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf'"
  (let ((protocol (plist-get status :protocol)))
    (and protocol
         (or (string-match "SSL" protocol)
             (and (string-match "TLS1.\\([0-9]+\\)" protocol)
                  (< (string-to-number (match-string 1 protocol)) 1)))
         (format-message
          "%s protocol is deprecated by standard bodies"
          protocol))))
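
The boundary behaviour of this check, written as an ERT test. This is an added example and not part of nsm.el. The helper name `my/nsm-version-warning`, the host `example.invalid`, port 443 and the `:protocol` strings are constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
(require 'ert)
(require 'nsm)

(defun my/nsm-version-warning (protocol)
  "Run the version check on a constructed status plist for PROTOCOL.
Hypothetical helper; the check ignores its host and port arguments,
so placeholders are passed for them."
  (nsm-protocol-check--version "example.invalid" 443
                               (list :protocol protocol)))

(ert-deftest my/nsm-version-check-boundaries ()
  "The check returns a warning string for a problem and nil otherwise."
  ;; Any protocol name containing \"SSL\" is flagged.
  (should (stringp (my/nsm-version-warning "SSL3.0")))
  ;; TLS 1.0 is flagged: its minor version 0 is below 1.
  (should (equal (my/nsm-version-warning "TLS1.0")
                 "TLS1.0 protocol is deprecated by standard bodies"))
  ;; TLS 1.1 and later are not flagged by this check.
  (dolist (protocol '("TLS1.1" "TLS1.2" "TLS1.3"))
    (should-not (my/nsm-version-warning protocol)))
  ;; A status without :protocol produces no warning from this check,
  ;; so a missing value is not treated as a deprecated version.
  (should-not (my/nsm-version-warning nil))
  (should-not (nsm-protocol-check--version "example.invalid" 443 nil)))
```

Save the block to a file and run it with `emacs -Q --batch -l FILE -f ert-run-tests-batch-and-exit`.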