From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Kurt Roeckx Newsgroups: gmane.emacs.devel Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL. Date: Thu, 23 Oct 2014 21:11:57 +0200 Message-ID: <20141023191157.GB14938@roeckx.be> References: <20141022193441.GA11872@roeckx.be> <87zjcnj2k6.fsf@trouble.defaultvalue.org> <87mw8mzmxj.fsf@mid.deneb.enyo.de> <20141023143702.3897e618@jabberwock.cb.piermont.com> <8761fazkx7.fsf@mid.deneb.enyo.de> <20141023145721.12ed0820@jabberwock.cb.piermont.com> <87vbnay5lf.fsf@mid.deneb.enyo.de> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1414092091 29299 80.91.229.3 (23 Oct 2014 19:21:31 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 23 Oct 2014 19:21:31 +0000 (UTC) Cc: emacs-devel@gnu.org, Rob Browning , "Perry E. Metzger" To: Florian Weimer Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 23 21:21:24 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XhNwp-0001hh-Tg for ged-emacs-devel@m.gmane.org; Thu, 23 Oct 2014 21:21:24 +0200 Original-Received: from localhost ([::1]:43114 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XhNwp-00027U-7E for ged-emacs-devel@m.gmane.org; Thu, 23 Oct 2014 15:21:23 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35006) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XhNnn-0007VH-Ao for emacs-devel@gnu.org; Thu, 23 Oct 2014 15:12:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XhNni-0004Vi-Ds for emacs-devel@gnu.org; Thu, 23 Oct 2014 15:12:03 -0400 Original-Received: from defiant.e-webshops.eu ([82.146.122.140]:54996) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XhNni-0004Vc-7a for emacs-devel@gnu.org; Thu, 23 Oct 2014 15:11:58 -0400 Original-Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by defiant.e-webshops.eu (Postfix) with ESMTP id D02C91C2108; Thu, 23 Oct 2014 21:11:57 +0200 (CEST) Original-Received: by intrepid.roeckx.be (Postfix, from userid 1000) id B21441FE01CC; Thu, 23 Oct 2014 21:11:57 +0200 (CEST) Content-Disposition: inline In-Reply-To: <87vbnay5lf.fsf@mid.deneb.enyo.de> User-Agent: Mutt/1.5.23 (2014-03-12) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 82.146.122.140 X-Mailman-Approved-At: Thu, 23 Oct 2014 15:21:02 -0400 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:175752 Archived-At: On Thu, Oct 23, 2014 at 08:59:56PM +0200, Florian Weimer wrote: > * Perry E. Metzger: > > > On Thu, 23 Oct 2014 20:43:32 +0200 Florian Weimer > >> Keep in mind that TLS 1.0 basically has the same problem as SSL 3.0, > >> and support for protocols beyond TLS 1.0 is not actually widespread. > > > > Connections to most of the top sites are TLS 1.2 at this point. > > Google is TLS 1.2. Facebook is TLS 1.2. Amazon is TLS 1.2. Apple is > > TLS 1.2. I could go on and on. > > Many IMAP servers running on free software still use OpenSSL 1.0.0 or > even OpenSSL 0.9.8, which do not support TLS 1.2. Interoperability > with those should be our priority, not the proprietary services you > listed. TLS 1.1 and 1.2 support was added in OpenSSL 1.0.1. It was released in March 2012. It's unfortunate that support wasn't added much sooner. But 1.0.X should be binary compatible with 1.0.0, and we recommend that you upgraded to either 1.0.1 or the soon to be released 1.0.2. Kurt