From 3302b7cd7f0afe9144cec2343902488fbe02d415 Mon Sep 17 00:00:00 2001 From: Lars Ingebrigtsen Date: Sun, 24 Jun 2018 14:48:30 +0200 Subject: [PATCH] Mention the NSM in the gnutls variable doc strings * gnutls.el (gnutls-algorithm-priority): Mention the Network Security Manager here since this variable is an obvious place for people concerned about network security to look. (gnutls-verify-error): Ditto. (gnutls-min-prime-bits): Ditto. --- lisp/net/gnutls.el | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 85c9308c0d2..4cc1f5f4c3d 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -46,7 +46,13 @@ (defcustom gnutls-algorithm-priority nil "If non-nil, this should be a TLS priority string. For instance, if you want to skip the \"dhe-rsa\" algorithm, -set this variable to \"normal:-dhe-rsa\"." +set this variable to \"normal:-dhe-rsa\". + +This variable can be useful for modifying low-level TLS +connection parameters (for instance if you need to connect to a +host that only accepts a specific algorithm), but general Emacs +network security is handled by the Network Security Manager. See +Info node `(emacs) Network Security'." :group 'gnutls :type '(choice (const nil) string)) @@ -72,7 +78,13 @@ corresponding conditions to be tested are: If the condition test fails, an error will be signaled. If the value of this variable is t, every connection will be subjected -to all of the tests described above." +to all of the tests described above. + +The default value of this variable is nil, which means that no +checks are performed at the gnutls level. Instead the checks are +performed via `open-network-stream' at a higher level by the +Network Security Manager. See Info node `(emacs) Network +Security'." :group 'gnutls :version "24.4" :type '(choice 
@@ -111,7 +123,14 @@ number with fewer than this number of bits, the handshake is rejected. \(The smaller the prime number, the less secure the key exchange is against man-in-the-middle attacks.) -A value of nil says to use the default GnuTLS value." +A value of nil says to use the default GnuTLS value. + +The default value of this variable is such that virtually any +connection can be established, whether this connection can be +considered cryptographically \"safe\" or not. However, Emacs +network security is handled at a higher level via +`open-network-stream' and the Network Security Manager. See Info +node `(emacs) Network Security'." :type '(choice (const :tag "Use default value" nil) (integer :tag "Number of bits" 512)) :group 'gnutls)
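
Review bot: In the gnutls-algorithm-priority hunk, the added paragraph does not say how a priority string set here interacts with the Network Security Manager. A reader who loosens it "if you need to connect to a host that only accepts a specific algorithm" cannot tell from the docstring whether NSM still evaluates that connection afterwards. Suggest one sentence stating that relationship, so the pointer to `(emacs) Network Security' is not the only place it can be learned.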
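
Review bot: In the gnutls-verify-error hunk, the new text says that with the default nil "no checks are performed at the gnutls level" and that checks happen "via `open-network-stream' at a higher level", but it does not say what applies to a connection that is not made through `open-network-stream'. As worded, the reader has to infer that such a connection gets no checks at all unless this variable is set. The docstring should state that explicitly, since it is the security-relevant consequence of the default. Minor style point: the added text writes "gnutls level" while the surrounding docstrings in this file write "GnuTLS" for the library, so "GnuTLS level" would be consistent.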
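
Review bot: In the gnutls-min-prime-bits hunk, the added paragraph refers to "the default value of this variable" without giving it, directly after the existing sentence "A value of nil says to use the default GnuTLS value", so it is unclear whether the permissive default being described is this variable's own or the one GnuTLS supplies. Suggest stating the number of bits and which layer it comes from. The phrase "virtually any connection can be established" would also be more useful if it named what is being allowed, namely small Diffie-Hellman primes, which is what the preceding lines of the docstring describe.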