Re: git send-email with ancient SMTP server … dh key too smalll

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri Aug 9, 2024 at 9:17 PM CEST, brian m. carlson wrote:
> If you're using level 2, then the requirement is the equivalent of 112
> bits of security, which is still inadequate by today's standards (which
> suggest 128 bits of security, or level 3).  Level 1 is 80 bits, which is
> probably attackable by government agencies.

We are talking about sending patches to the public email lists
(and yes, considering my other emails, I can live with them
being snooped on by government agencies, they are welcome to my
ramblings in emails).

> What you're looking for is an OpenSSL configuration on your system.  On
> my Debian system, the configuration file is in `/etc/ssl/openssl.cnf`.
> The steps for what you need to set are available at several different
> places online.
> https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
> is an example you can use.

Well, but that would degrade the security of the whole system for
all purposes it uses OpenSSL, right? That’s rather too drastic.

> I don't believe that Git provides a set of TLS configuration options for
> `git send-email`, but if it did, you could control the configuration by
> specifying cipher suites as `DEFAULT@SECLEVEL=1`.  You might, but
> probably would not, need to configure the minimum protocol to something
> lower as well.  I believe CentOS 6 does support TLS 1.2, so that should
> be a fine default and shouldn't need to be modified.

Thank you, I will take a look. I found
https://stackoverflow.com/q/34176433 and
https://stackoverflow.com/a/36417794, so I will take a look at
the Perl code.

Best,

Matěj

-- 
http://matej.ceplovi.cz/blog/, @mcepl@floss.social
GPG Finger: 3C76 A027 CA45 AD70 98B5  BC1D 7920 5802 880B C9D8
 
See, when the GOVERNMENT spends money, it creates jobs; whereas
when the money is left in the hands of TAXPAYERS, God only knows
what they do with it. Bake it into pies, probably. Anything to
avoid creating jobs.
    -- Dave Barry

Attachment: E09FEF25D96484AC.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux