From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Robert Pluim Newsgroups: gmane.emacs.devel Subject: Re: Getting SSL test A+ grade on elpa.gnu.org Date: Wed, 25 Nov 2020 18:04:14 +0100 Message-ID: <87sg8xwepd.fsf@gmail.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="11951"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: =?utf-8?B?6rmA66+87Jqw?= Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Nov 25 18:07:54 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1khyGo-0002ys-9u for ged-emacs-devel@m.gmane-mx.org; Wed, 25 Nov 2020 18:07:54 +0100 Original-Received: from localhost ([::1]:37330 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1khyGn-00012W-Cs for ged-emacs-devel@m.gmane-mx.org; Wed, 25 Nov 2020 12:07:53 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:41168) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1khyDM-00065I-FM for emacs-devel@gnu.org; Wed, 25 Nov 2020 12:04:20 -0500 Original-Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]:36985) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1khyDK-0005yo-Ku for emacs-devel@gnu.org; Wed, 25 Nov 2020 12:04:20 -0500 Original-Received: by mail-wr1-x42f.google.com with SMTP id i2so2621128wrs.4 for ; Wed, 25 Nov 2020 09:04:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:mail-followup-to:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:mime-version :content-transfer-encoding; bh=n/K9EtTt9nbLZIUNu/Az6UGg8PwmiWZ4mRh6HFbnljY=; b=I7NqKxrCAy/NWHbkr5QPi+ZXkcnNLAa3dy/loXa/dCqceNgsI14+f9yhaznpr8Yy/z E1VtVlim42Ibs0mrvXBCoFeghbj9e8EdnL5MH4USdWsiNJBzrL/hy3uipgwAf/e+oSlC 3oHgVZRq94UZmz1j2sl/QvS1NK1m/ByNTXrZvEqNpDox+0ibSn70EOWKX+t1T2kULTHW xjO9Sw3ZI1n5AeeI8WTpSDq7cSUzyPh0yZoEWvBwSTcdIx7gNL78woGGW5A+/piZVKzQ LT3zFgfbBHl3MUY4XjW8Qsxolvc3Cg50Wkb1UcFvtlVL9nwtAvKTYIFDu4VOjXH2cNEM klkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:mail-followup-to :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :mime-version:content-transfer-encoding; bh=n/K9EtTt9nbLZIUNu/Az6UGg8PwmiWZ4mRh6HFbnljY=; b=qAr/K1iwQvP43hrxracUEJdiN3jqHVhvfID3Q/52UoyJWUroYmRMpqtYUeSikk1GsV rUvXd6l+VRbR5PDYSkdsuSS2yQSBUwjVdsrWGjeF71GztVlpkmVRqaNsmLfGsjhxxBmx /ZRQdP4JedchMgPwYNk/jKWbt0UDtFwQ501sRQyKBIUBhAGmIm1Y8DVlppU8dBOpS+Rg aOreBKM9JygvIUjS+mKPods+S7970MiB0YUjDSu5SCZ48tO339DYBh7b0xz/RI/NECg6 eDhvHTZuYKjVzas0zHO624EktKRiz89hRRd/yH7NKkJZTuWwaTDk/1YloKkMMGimW3qD Ys8w== X-Gm-Message-State: AOAM532xTGr0UAYKsSL01xHN/DeQhTMTWKOEqmwCQ/j5CMimuh4yH5h/ dF/vFy+F9wNB1DHyfkrwWxNLZXyPUb8= X-Google-Smtp-Source: ABdhPJzXw3H8G3aZuZspYgUNQuJOqNKjga52VVoTUmd+SAAQUfItY743EZuV8uToO/886CyTvmv9ZA== X-Received: by 2002:a5d:6286:: with SMTP id k6mr5158222wru.309.1606323856287; Wed, 25 Nov 2020 09:04:16 -0800 (PST) Original-Received: from rltb ([2a01:e34:ecfc:a860:2024:52d3:691c:e83a]) by smtp.gmail.com with ESMTPSA id l13sm5462687wrm.24.2020.11.25.09.04.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Nov 2020 09:04:15 -0800 (PST) Mail-Followup-To: emacs-devel@gnu.org Mail-Copies-To: never Gmane-Reply-To-List: yes In-Reply-To: (=?utf-8?B?Iuq5gOuvvOyasCIncw==?= message of "Thu, 26 Nov 2020 00:11:49 +0900") Received-SPF: pass client-ip=2a00:1450:4864:20::42f; envelope-from=rpluim@gmail.com; helo=mail-wr1-x42f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:259792 Archived-At: =EA=B9=80=EB=AF=BC=EC=9A=B0 writes: > elpa.gnu.org is supporting insecure TLS 1.0 and TLS 1.1, and does not > support Forward Secrecy on every device, so It got a B grade on Qualys > Labs' SSL Test ( > https://www.ssllabs.com/ssltest/analyze.html?d=3Delpa.gnu.org&s=3D209.51.= 188.89&latest). > It could have a bad effect on security and privacy for emacs users. Would > you apply only TLS 1.3 on elpa.gnu.org? *only* TLS 1.3 would be a bit harsh, I think. Robert