From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Perry E. Metzger" <perry@piermont.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Thu, 23 Oct 2014 14:37:02 -0400
Message-ID: <20141023143702.3897e618@jabberwock.cb.piermont.com>
References: <20141022193441.GA11872@roeckx.be>
	<87zjcnj2k6.fsf@trouble.defaultvalue.org>
	<E1XhLLS-0005Pt-BQ@fencepost.gnu.org>
	<87mw8mzmxj.fsf@mid.deneb.enyo.de>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1414089450 14642 80.91.229.3 (23 Oct 2014 18:37:30 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 23 Oct 2014 18:37:30 +0000 (UTC)
Cc: rms@gnu.org, 766397@bugs.debian.org, kurt@roeckx.be, emacs-devel@gnu.org,
	766397-forwarded@bugs.debian.org, Rob Browning <rlb@defaultvalue.org>
To: Florian Weimer <fw@deneb.enyo.de>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 23 20:37:22 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XhNGB-0004zR-6O
	for ged-emacs-devel@m.gmane.org; Thu, 23 Oct 2014 20:37:19 +0200
Original-Received: from localhost ([::1]:42946 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XhNG7-0000cn-Px
	for ged-emacs-devel@m.gmane.org; Thu, 23 Oct 2014 14:37:15 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55346)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <perry@piermont.com>) id 1XhNG0-0000XH-KR
	for emacs-devel@gnu.org; Thu, 23 Oct 2014 14:37:12 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <perry@piermont.com>) id 1XhNFw-0000Pp-8W
	for emacs-devel@gnu.org; Thu, 23 Oct 2014 14:37:08 -0400
Original-Received: from hacklheber.piermont.com ([166.84.7.14]:41910)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <perry@piermont.com>)
	id 1XhNFw-0000Pl-4J; Thu, 23 Oct 2014 14:37:04 -0400
Original-Received: from snark.cb.piermont.com (localhost [127.0.0.1])
	by hacklheber.piermont.com (Postfix) with ESMTP id 467FB1513;
	Thu, 23 Oct 2014 14:37:03 -0400 (EDT)
Original-Received: from jabberwock.cb.piermont.com (jabberwock.cb.piermont.com
	[10.160.2.107])
	by snark.cb.piermont.com (Postfix) with ESMTP id 163A02DFCBF;
	Thu, 23 Oct 2014 14:37:03 -0400 (EDT)
In-Reply-To: <87mw8mzmxj.fsf@mid.deneb.enyo.de>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.25; x86_64-apple-darwin14.0.0)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 166.84.7.14
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175748
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175748>

On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer <fw@deneb.enyo.de>
wrote:
> * Richard Stallman:
> 
> > I've read that falling back to ssl3 is a real security hole,
> > being exploited frequently.  That feature should be removed.
> 
> GNUTLS automatically and securely upgrades to a TLS protocol if
> supported by the server.  Dropping SSL 3.0 support altogether will
> only encourage unencrypted connections instead.

I disagree. It will encourage people to upgrade from a flawed
protocol to one that works. Many people running servers are utterly
unaware that there's anything wrong with what they're using right now
-- if you leave in support forever, they'll never figure it out.

Perry
-- 
Perry E. Metzger		perry@piermont.com