Variable: network-security-protocol-checks

network-security-protocol-checks is a customizable variable defined in nsm.el.gz.

Value

((version medium) (compression medium) (renegotiation-info-ext medium)
 (verify-cert medium) (same-cert medium) (null-suite medium)
 (export-kx medium) (anon-kx medium) (md5-sig medium)
 (rc4-cipher medium) (dhe-prime-kx medium) (sha1-sig medium)
 (ecdsa-cbc-cipher medium) (3des-cipher medium) (dhe-kx medium)
 (rsa-kx medium) (cbc-cipher high))

Documentation

Alist of TLS connection checks to perform.

The key is the name of the check, and the value is the minimum security level at which the check should begin to apply.

Each check function is called with the parameters HOST PORT STATUS SETTINGS. HOST is the host domain, PORT is a TCP port number, STATUS is the peer status returned by gnutls-peer-status, and SETTINGS is the persistent and session settings for the host HOST. Please refer to the contents of nsm-settings-file for details. If a problem is found, the check function is required to return an error message, and nil otherwise.

See also: nsm-check-tls-connection, nsm-save-host-names, nsm-settings-file

This variable was added, or its default value changed, in Emacs 31.1.

Probably introduced at or before Emacs version 27.1.
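
The check contract described above (HOST PORT STATUS SETTINGS in, error message or nil out), as an added example that is not part of nsm.el or of this page. The check name `tls12-floor` and the helper `my-nsm-active-checks` are hypothetical; the example assumes that nsm.el resolves a check named NAME to the function `nsm-protocol-check--NAME` and that `:protocol` in STATUS holds a GnuTLS name such as "TLS1.2".

```elisp
;;; -*- lexical-binding: t -*-
(require 'nsm)
(require 'seq)

;; Hypothetical check `tls12-floor'.  Assumption: nsm.el calls the function
;; named `nsm-protocol-check--NAME' for an alist entry whose key is NAME.
(defun nsm-protocol-check--tls12-floor (_host _port status &optional _settings)
  "Return an error message if STATUS shows a protocol older than TLS 1.2.
Return nil otherwise, as the check contract requires."
  (let ((protocol (plist-get status :protocol)))
    ;; Assumption: :protocol is a GnuTLS protocol name, e.g. "TLS1.2".
    (when (and protocol
               (or (string-match-p "SSL" protocol)
                   (and (string-match "\\`TLS1\\.\\([0-9]+\\)" protocol)
                        (< (string-to-number (match-string 1 protocol)) 2))))
      (format "%s is below the TLS 1.2 floor set in this configuration"
              protocol))))

;; Register the check at `medium'; the guard avoids a duplicate on reload.
(unless (assq 'tls12-floor network-security-protocol-checks)
  (push '(tls12-floor medium) network-security-protocol-checks))

(defun my-nsm-active-checks (level)
  "Return the names of checks that begin at or below security LEVEL."
  (let ((rank '((low . 0) (medium . 1) (high . 2))))
    ;; Any level not listed in RANK (e.g. `paranoid') is ranked above `high'.
    (mapcar #'car
            (seq-filter (lambda (entry)
                          (<= (alist-get (cadr entry) rank 3)
                              (alist-get level rank 3)))
                        network-security-protocol-checks))))

;; Exercise the contract with constructed STATUS plists (not real
;; `gnutls-peer-status' output) and a placeholder host name.
(let ((old '(:protocol "TLS1.1"))
      (new '(:protocol "TLS1.3")))
  (message "TLS1.1 -> %S"
           (nsm-protocol-check--tls12-floor "example.test" 443 old nil))
  (message "TLS1.3 -> %S"
           (nsm-protocol-check--tls12-floor "example.test" 443 new nil))
  (message "Checks active at medium: %S" (my-nsm-active-checks 'medium)))
```

With the default value shown on this page, `cbc-cipher` is absent from the list reported for `medium` and appears only when the helper is called with `high`.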

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defcustom network-security-protocol-checks
  '(;; Old Known Weaknesses.
    (version                medium)
    (compression            medium)
    (renegotiation-info-ext medium)
    (verify-cert            medium)
    (same-cert              medium)
    (null-suite             medium)
    (export-kx              medium)
    (anon-kx                medium)
    (md5-sig                medium)
    (rc4-cipher             medium)
    ;; Weaknesses made known after 2013.
    (dhe-prime-kx           medium)
    (sha1-sig               medium)
    (ecdsa-cbc-cipher       medium)
    ;; Deprecated by NIST from 2016/2023 (see also CVE-2016-2183).
    (3des-cipher            medium)
    ;; Towards TLS 1.3
    (dhe-kx                 medium)
    (rsa-kx                 medium)
    (cbc-cipher             high))
  "Alist of TLS connection checks to perform.
The key is the name of the check, and the value is the minimum security
level the check should begin.

Each check function is called with the parameters HOST PORT STATUS
SETTINGS.  HOST is the host domain, PORT is a TCP port number, STATUS is
the peer status returned by `gnutls-peer-status', and SETTINGS is the
persistent and session settings for the host HOST.  Please refer to the
contents of `nsm-settings-file' for details.  If a problem is found, the
check function is required to return an error message, and nil
otherwise.

See also: `nsm-check-tls-connection', `nsm-save-host-names',
`nsm-settings-file'"
  :type '(repeat (list (symbol :tag "Check function")
                       (choice :tag "Level"
                               :value medium
                               (const :tag "Low" low)
                               (const :tag "Medium" medium)
                               (const :tag "High" high))))
  :version "31.1")