[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecate TLS1.0 support in emacs
From: |
Lars Ingebrigtsen |
Subject: |
Re: Deprecate TLS1.0 support in emacs |
Date: |
Tue, 01 Aug 2017 16:53:17 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Paul Eggert <address@hidden> writes:
> Last year I would have agreed, but nowadays I think it'd be better to
> warn about TLS 1.0 somehow. According to
> https://www.ssllabs.com/ssl-pulse/ from July 2016 to July 2017 TLS
> v1.2 support climbed from 78.3% to 87.3%, whereas support for TLS v1.0
> dropped from 97.3% to to 93.4% as the higher-end sites tighten up
> security. By the time the next version of Emacs comes out, it looks
> like a mild warning about TLS v1.0 will be appropriate.
Yes, I agree. eww, for instance, could remove the green URL when using
TLS 1.0, etc. But the proposed NSM warning (which would make the user
answer "y" to a direct question about the TLS-ness) is too heavy, in my
opinion.
But having the warning on the `high' NSM setting is fine with me, and
I'll see what I can do about removing green URLs from eww...
Other services, like SMTP/IMAP/etc will have to invent other
"lightweight" ways to tell the user that the content is on the insecure
side.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- Re: Deprecate TLS1.0 support in emacs, Robert Pluim, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Lars Ingebrigtsen, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Robert Pluim, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Paul Eggert, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs,
Lars Ingebrigtsen <=
- Re: Deprecate TLS1.0 support in emacs, Robert Pluim, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Stefan Monnier, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Lars Ingebrigtsen, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Stefan Monnier, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Ted Zlatanov, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Eli Zaretskii, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Ted Zlatanov, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Eli Zaretskii, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Stefan Monnier, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Ted Zlatanov, 2017/08/04