Richard Stallman <rms@gnu.org> writes:

>   > It is a refusal to access a resource because somebody has determined
>   > that a specific protocol (HTTP + TLS1.0) is something that our users
>   > shouldn't be able to use.
>
> I agree -- our software should not absolutely refuse to communicate
> a way that we judge risky.  We should explain the situation and state
> how to enable that method (perhaps with a user option).
>

OK. NSM provides the requisite infrastructure for that already, we
just have to enable some more checking. Here's an initial patch, we
can now decide exactly which checks we should do at medium security
level, and update the manuals. Personally I feel we should warn for
ssl, tls1.0, tls1.1, RC4, and SHA1. Diffie-Hellman I'm not too sure
about, although I'll note that Google Chrome switched to 1024 bits two
years ago.

Regards

Robert