From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Tue, 01 Aug 2017 14:02:25 +0200
Message-ID: <87d18fwl66.fsf@gmail.com>
To: emacs-devel@gnu.org
Cc: Lars Ingebrigtsen, Richard Stallman
In-Reply-To: <87shi0tqh3.fsf@gmail.com> (Robert Pluim's message of "Thu, 13 Jul 2017 15:29:28 +0200")

Robert Pluim writes:

> Richard Stallman writes:
>
>> I agree -- our software should not absolutely refuse to communicate
>> a way that we judge risky. We should explain the situation and state
>> how to enable that method (perhaps with a user option).
>>
>
> OK. NSM provides the requisite infrastructure for that already, we
> just have to enable some more checking. Here's an initial patch, we
> can now decide exactly which checks we should do at medium security
> level, and update the manuals. Personally I feel we should warn for
> ssl, tls1.0, tls1.1, RC4, and SHA1. Diffie-Hellman I'm not too sure
> about, although I'll note that Google Chrome switched to 1024 bits two
> years ago.

Ping? I'd like to improve the default communication security settings
of Emacs, the current state is too insecure for my liking.

Regards

Robert
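
The checks proposed in the quoted message (warn on SSL, TLS 1.0, TLS 1.1, RC4 and SHA1, and possibly on small Diffie-Hellman primes), written out as an added Emacs Lisp example; it is not the patch referred to in the thread and not NSM's own code. The `example-` names, the 1024-bit threshold and the two sample plists are constructed for illustration; the plist keys follow the shape of the value returned by `gnutls-peer-status`, and reading "SHA1" as the record MAC is an assumption.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration: warn about, rather than refuse, weak TLS parameters.

(defvar example-tls-min-dh-bits 1024
  "Hypothetical Diffie-Hellman prime size below which a warning is raised.
1024 is the figure mentioned in the message, not a recommendation.")

(defun example-tls-weaknesses (status)
  "Return a list of warning strings for STATUS, or nil if none apply.
STATUS is a plist shaped like the value of `gnutls-peer-status'."
  (let ((protocol (plist-get status :protocol))
        (cipher   (plist-get status :cipher))
        (mac      (plist-get status :mac))
        (dh-bits  (plist-get status :diffie-hellman-prime-bits))
        (case-fold-search t)
        (warnings nil))
    ;; Protocol versions the message wants flagged: SSL, TLS 1.0, TLS 1.1.
    (when (and (stringp protocol)
               (or (string-prefix-p "SSL" protocol)
                   (member protocol '("TLS1.0" "TLS1.1"))))
      (push (format "obsolete protocol version %s" protocol) warnings))
    ;; GnuTLS reports RC4 under the name ARCFOUR.
    (when (and (stringp cipher)
               (string-match-p "ARCFOUR\\|RC4" cipher))
      (push (format "RC4 cipher in use (%s)" cipher) warnings))
    ;; Assumption: "SHA1" in the message is checked here as the record MAC.
    (when (equal mac "SHA1")
      (push "SHA1 used as message authentication code" warnings))
    ;; A missing or zero value means no finite-field DH exchange took place.
    (when (and (integerp dh-bits)
               (> dh-bits 0)
               (< dh-bits example-tls-min-dh-bits))
      (push (format "Diffie-Hellman prime of only %d bits" dh-bits) warnings))
    (nreverse warnings)))

;; Constructed sample statuses (not captured from a real connection).
(defconst example-weak-status
  '(:protocol "TLS1.0" :key-exchange "DHE-RSA" :cipher "ARCFOUR-128"
    :mac "SHA1" :diffie-hellman-prime-bits 512))

(defconst example-modern-status
  '(:protocol "TLS1.2" :key-exchange "ECDHE-RSA" :cipher "AES-128-GCM"
    :mac "AEAD"))

;; Each warning would be shown to the user, who can still choose to proceed.
(dolist (status (list example-weak-status example-modern-status))
  (message "%s: %S" (plist-get status :protocol)
           (example-tls-weaknesses status)))
```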