emacs-devel

Re: Deprecate TLS1.0 support in emacs


From: Lars Ingebrigtsen
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Tue, 01 Aug 2017 16:53:17 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

Paul Eggert <address@hidden> writes:

> Last year I would have agreed, but nowadays I think it'd be better to
> warn about TLS 1.0 somehow. According to
> https://www.ssllabs.com/ssl-pulse/ from July 2016 to July 2017 TLS
> v1.2 support climbed from 78.3% to 87.3%, whereas support for TLS v1.0
> dropped from 97.3% to 93.4% as the higher-end sites tighten up
> security. By the time the next version of Emacs comes out, it looks
> like a mild warning about TLS v1.0 will be appropriate.

Yes, I agree.  eww, for instance, could remove the green URL when using
TLS 1.0, etc.  But the proposed NSM warning (which would make the user
answer "y" to a direct question about the TLS-ness) is too heavy, in my
opinion.

But having the warning on the `high' NSM setting is fine with me, and
I'll see what I can do about removing green URLs from eww...

Other services, like SMTP/IMAP/etc will have to invent other
"lightweight" ways to tell the user that the content is on the insecure
side.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no


