Function: nsm-protocol-check--renegotiation-info-ext
nsm-protocol-check--renegotiation-info-ext is a byte-compiled function
defined in nsm.el.gz.
Signature
(nsm-protocol-check--renegotiation-info-ext HOST PORT STATUS &optional SETTINGS)
Documentation
Check for renegotiation_info TLS extension status.
If this TLS extension is not used, the connection established is vulnerable to an attack in which an impersonator can extract sensitive information such as HTTP session ID cookies or login passwords. Renegotiation was removed in TLS1.3, so this is only checked for earlier protocol versions.
Reference:
E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010). "Transport Layer Security (TLS) Renegotiation Indication Extension", https://tools.ietf.org/html/rfc5746
Source Code
;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
;; Extension checks
;; STATUS is the peer-status plist that the NSM passes to every check
;; (populated by `gnutls-peer-status'); HOST, PORT and SETTINGS are
;; unused here.  A check returns a warning string, or nil when the
;; connection passes.
(defun nsm-protocol-check--renegotiation-info-ext (_host _port status
                                                  &optional _settings)
  "Check for renegotiation_info TLS extension status.
If this TLS extension is not used, the connection established is
vulnerable to an attack in which an impersonator can extract
sensitive information such as HTTP session ID cookies or login
passwords. Renegotiation was removed in TLS1.3, so this is only
checked for earlier protocol versions.
Reference:
E. Rescorla, M. Ray, S. Dispensa, N. Oskov (Feb 2010). \"Transport
Layer Security (TLS) Renegotiation Indication Extension\",
`https://tools.ietf.org/html/rfc5746'"
  ;; Only judge the connection when GnuTLS actually reported a verdict;
  ;; a missing key (e.g. a TLS 1.3 session) means the check is skipped.
  (when (plist-member status :safe-renegotiation)
    (let ((unsafe-renegotiation (not (plist-get status :safe-renegotiation))))
      (and unsafe-renegotiation
           (format-message
            "safe renegotiation is not supported, connection not protected from impersonators")))))
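The :safe-renegotiation value that this check reads is derived by GnuTLS from whether the server echoed the renegotiation_info extension (type 0xff01, RFC 5746) in its ServerHello. As an added example, not code from nsm.el or Emacs, the Python below parses the extension block of a TLS 1.2 ServerHello body, builds the equivalent status, and applies the same three-way decision as the function above (no verdict, safe, unsafe). The ServerHello bytes, `make_server_hello` and the dictionary key name are constructed for the example.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def parse_server_hello_extensions(body: bytes) -> dict:
    """Return {ext_type: ext_data} for a TLS 1.2 ServerHello handshake body
    (the bytes after the 4-byte handshake header)."""
    pos = 2 + 32                        # skip legacy version and random
    sid_len = body[pos]
    pos += 1 + sid_len                  # session id
    pos += 2 + 1                        # cipher suite, compression method
    exts = {}
    if pos == len(body):                # no extensions block at all
        return exts
    (ext_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ext_len
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts

def status_from_server_hello(body: bytes) -> dict:
    """Mimic the status plist: safe-renegotiation is True only when the
    server echoed renegotiation_info."""
    return {"safe-renegotiation": RENEGOTIATION_INFO in parse_server_hello_extensions(body)}

def check_renegotiation_info(status: dict):
    """Same decision as nsm-protocol-check--renegotiation-info-ext: warning
    string when the extension is missing, None when present or when the
    status carries no verdict at all (as for a TLS 1.3 session)."""
    if "safe-renegotiation" not in status or status["safe-renegotiation"]:
        return None
    return "safe renegotiation is not supported, connection not protected from impersonators"

def make_server_hello(extensions: list) -> bytes:
    """Constructed TLS 1.2 ServerHello body: empty session id, one suite."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    return body

# Initial handshake: renegotiated_connection is the empty vector (one 0x00 length byte).
SAFE_HELLO = make_server_hello([(RENEGOTIATION_INFO, b"\x00")])
UNSAFE_HELLO = make_server_hello([])
```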