From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Florian Weimer <fw@deneb.enyo.de>
Newsgroups: gmane.emacs.devel
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Sun, 26 Oct 2014 08:38:18 +0100
Message-ID: <87ioj7e0wl.fsf@mid.deneb.enyo.de>
References: <20141022193441.GA11872@roeckx.be>
	<87zjcnj2k6.fsf@trouble.defaultvalue.org>
	<E1XhLLS-0005Pt-BQ@fencepost.gnu.org>
	<87mw8mzmxj.fsf@mid.deneb.enyo.de>
	<20141023143702.3897e618@jabberwock.cb.piermont.com>
	<8761fazkx7.fsf@mid.deneb.enyo.de>
	<20141023145721.12ed0820@jabberwock.cb.piermont.com>
	<87vbnay5lf.fsf@mid.deneb.enyo.de>
	<20141023154223.45f2c9eb@jabberwock.cb.piermont.com>
	<874muuihjh.fsf@uwakimon.sk.tsukuba.ac.jp>
	<20141023230048.13f8234a@jabberwock.cb.piermont.com>
	<87wq7pgpif.fsf@uwakimon.sk.tsukuba.ac.jp>
	<20141024171421.78720abe@jabberwock.cb.piermont.com>
	<m361f9nofm.fsf@stories.gnus.org> <87h9ys890o.fsf@lifelogs.com>
	<E1XiCqs-00045u-2A@fencepost.gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1414309123 29169 80.91.229.3 (26 Oct 2014 07:38:43 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sun, 26 Oct 2014 07:38:43 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Oct 26 08:38:36 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XiIPM-0001wA-66
	for ged-emacs-devel@m.gmane.org; Sun, 26 Oct 2014 08:38:36 +0100
Original-Received: from localhost ([::1]:55566 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XiIPL-0006gY-Qk
	for ged-emacs-devel@m.gmane.org; Sun, 26 Oct 2014 03:38:35 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45956)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <fw@deneb.enyo.de>) id 1XiIPD-0006fP-6d
	for emacs-devel@gnu.org; Sun, 26 Oct 2014 03:38:33 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <fw@deneb.enyo.de>) id 1XiIP7-0000RP-2Z
	for emacs-devel@gnu.org; Sun, 26 Oct 2014 03:38:27 -0400
Original-Received: from albireo.enyo.de ([46.237.207.196]:41494)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <fw@deneb.enyo.de>) id 1XiIP6-0000R0-Sr
	for emacs-devel@gnu.org; Sun, 26 Oct 2014 03:38:21 -0400
Original-Received: from [172.17.203.2] (helo=deneb.enyo.de)
	by albireo.enyo.de with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
	id 1XiIP4-0000Ov-Q6
	for emacs-devel@gnu.org; Sun, 26 Oct 2014 08:38:18 +0100
Original-Received: from fw by deneb.enyo.de with local (Exim 4.80)
	(envelope-from <fw@deneb.enyo.de>) id 1XiIP4-0002Ue-Gx
	for emacs-devel@gnu.org; Sun, 26 Oct 2014 08:38:18 +0100
In-Reply-To: <E1XiCqs-00045u-2A@fencepost.gnu.org> (Richard Stallman's message
	of "Sat, 25 Oct 2014 21:42:38 -0400")
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy]
X-Received-From: 46.237.207.196
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175849
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175849>

* Richard Stallman:

> Is it feasible to warn users about this
> whenever it is about to fall back to SSL3 in cases where that would
> cause a danger?

No, because Emacs does not perform fallback.  (GNUTLS automatically
upgrades away from SSL 3.0 if possible, and this upgrade is a
cryptographically protected part of the handshake.)  Emacs could warn
if a connection uses SSL 3.0.  However, it will be difficult to
explain the exact implication of the warning.  At present, there is
not even consensus among programmers how bad SSL 3.0 actually is.