[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
From: |
Florian Weimer |
Subject: |
Re: Bug#766395: emacs/gnus: Uses s_client to for SSL. |
Date: |
Sun, 26 Oct 2014 08:38:18 +0100 |
* Richard Stallman:
> Is it feasible to warn users about this
> whenever it is about to fall back to SSL3 in cases where that would
> cause a danger?
No, because Emacs does not perform fallback. (GNUTLS automatically
upgrades away from SSL 3.0 if possible, and this upgrade is a
cryptographically protected part of the handshake.) Emacs could warn
if a connection uses SSL 3.0. However, it will be difficult to
explain the exact implication of the warning. At present, there is
not even consensus among programmers how bad SSL 3.0 actually is.
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., (continued)
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Lars Magne Ingebrigtsen, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Ted Zlatanov, 2014/10/25
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Lars Magne Ingebrigtsen, 2014/10/25
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/26
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Lars Magne Ingebrigtsen, 2014/10/26
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/26
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Richard Stallman, 2014/10/25
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.,
Florian Weimer <=
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/24
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/27
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/27
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Thien-Thi Nguyen, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stefan Monnier, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/28