Function: nsm-protocol-check--export-kx

nsm-protocol-check--export-kx is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-protocol-check--export-kx HOST PORT STATUS &optional SETTINGS)

Documentation

Check for RSA-EXPORT key exchange.

EXPORT cipher suites are a family of 40-bit and 56-bit effective security algorithms legally exportable by the United States in the early 90s[1]. They can be broken in seconds on 2018 hardware.

Prior to 3.2.0, GnuTLS had only supported RSA-EXPORT key exchange. Since 3.2.0, RSA-EXPORT had been removed, therefore, this check has no effect on GnuTLS >= 3.2.0.

Reference:

[1]: Schneier, Bruce (1996). Applied Cryptography (Second ed.).
John Wiley & Sons. ISBN 0-471-11709-9.
[2]: N. Mavrogiannopoulos, FSF (Apr 2015). "GnuTLS NEWS -- History
of user-visible changes." Version 3.4.0, https://gitlab.com/gnutls/gnutls/blob/master/NEWS

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-protocol-check--export-kx (_host _port status &optional _settings)
  "Check for RSA-EXPORT key exchange.

EXPORT cipher suites are a family of 40-bit and 56-bit effective
security algorithms legally exportable by the United States in
the early 90s[1].  They can be broken in seconds on 2018 hardware.

Prior to 3.2.0, GnuTLS had only supported RSA-EXPORT key
exchange.  Since 3.2.0, RSA-EXPORT had been removed, therefore,
this check has no effect on GnuTLS >= 3.2.0.

Reference:

[1]: Schneier, Bruce (1996).  Applied Cryptography (Second ed.).
John Wiley & Sons.  ISBN 0-471-11709-9.
[2]: N. Mavrogiannopoulos, FSF (Apr 2015).  \"GnuTLS NEWS -- History
of user-visible changes.\" Version 3.4.0,
`https://gitlab.com/gnutls/gnutls/blob/master/NEWS'"
  (when (< libgnutls-version 30200)
    (let ((kx (plist-get status :key-exchange)))
      (and (string-match "\\bEXPORT\\b" kx)
           (format-message
            "EXPORT level key exchange (%s) is insecure"
            kx)))))