Re: Bug#766395: emacs/gnus: Uses s

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From:	Florian Weimer
Subject:	Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date:	Sun, 26 Oct 2014 08:38:18 +0100

* Richard Stallman:

> Is it feasible to warn users about this
> whenever it is about to fall back to SSL3 in cases where that would
> cause a danger?

No, because Emacs does not perform fallback.  (GNUTLS automatically
upgrades away from SSL 3.0 if possible, and this upgrade is a
cryptographically protected part of the handshake.)  Emacs could warn
if a connection uses SSL 3.0.  However, it will be difficult to
explain the exact implication of the warning.  At present, there is
not even consensus among programmers how bad SSL 3.0 actually is.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., (continued)

Prev by Date: Re: History for query replace pairs
Next by Date: Re: gfile-based file notifications are not immediate
Previous by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Next by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Index(es):
- Date
- Thread