On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never use s_client > > for that. s_client is a debug tool. It does create an SSL > > connection for you, but in an insecure way. > > Emacs has built-in TLS support these days, so s_client is only used if > the user (for some weird reason or other) has built or installed a > version of Emacs without TLS support. > > I think that should probably be removed, because it's less secure than > users would expect. This is now a release-blocking bug, but hasn't seen any activity in the last year or so. It would be good to see this finally fixed! Obviously, one should never use openssl s_client for stuff like this... I should also note that even though Emacs 24 supports TLS natively now, its handling of X509 certificate is really problematic, as documented in #816063. I would hardly consider it complete. Emacs 25 doesn't suffer from those issues, but may still allow s_client... A. -- Il est sage de nous réconcilier avec notre adolescence ; haїr, mépriser, nier ou simplement oublier l’adolescent que nous fûmes est en soi une attitude adolescente. - Daniel Pennac, Comme un roman