From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Tue, 01 Aug 2017 15:01:24 +0200
Message-ID: <8760e7wifv.fsf@gmail.com>
To: Lars Ingebrigtsen
Cc: Richard Stallman, emacs-devel@gnu.org

Lars Ingebrigtsen writes:

> Robert Pluim writes:
>
>> Ping? I'd like to improve the default communication security settings
>> of Emacs, the current state is too insecure for my liking.
>
> My feeling, as I think I said, is that it's premature to warn about
> things like TLS1.0 in an intrusive manner. There's too many sites out
> there that still use that protocol, and warning too much is no help for
> our users.

There are still many sites like that, but if we don't warn people
about them, there will never be any pressure on their owners to
upgrade to TLS1.2, or stop using SHA-1, or increase DH key size.

How about warning as in my patch, but only at
network-security-level >= high? And revisit the level later?

Regards

Robert