From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL. Date: Sun, 21 Feb 2016 13:47:45 +1100 Message-ID: <87twl2hj8u.fsf@gnus.org> References: <20141022193441.GA11872@roeckx.be> <87zjcnj2k6.fsf@trouble.defaultvalue.org> <87wq7rj2fl.fsf@trouble.defaultvalue.org> <87egtyixsy.fsf@trouble.defaultvalue.org> <20160220152832.GA11566@roeckx.be> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1456022917 32635 80.91.229.3 (21 Feb 2016 02:48:37 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 21 Feb 2016 02:48:37 +0000 (UTC) Cc: Ted Zlatanov , 766397-forwarded@bugs.debian.org, 766397@bugs.debian.org, Rob Browning , emacs-devel@gnu.org To: Kurt Roeckx Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Feb 21 03:48:26 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aXK4P-0000If-22 for ged-emacs-devel@m.gmane.org; Sun, 21 Feb 2016 03:48:25 +0100 Original-Received: from localhost ([::1]:37372 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aXK4O-0004Zf-Id for ged-emacs-devel@m.gmane.org; Sat, 20 Feb 2016 21:48:24 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52671) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aXK4K-0004XQ-HE for emacs-devel@gnu.org; Sat, 20 Feb 2016 21:48:21 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aXK4H-0005P8-BJ for emacs-devel@gnu.org; Sat, 20 Feb 2016 21:48:20 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:56854) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aXK4H-0005P3-5C for emacs-devel@gnu.org; Sat, 20 Feb 2016 21:48:17 -0500 Original-Received: from cpe-60-225-211-161.nsw.bigpond.net.au ([60.225.211.161] helo=mouse) by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1aXK3r-0005Ig-96; Sun, 21 Feb 2016 03:47:51 +0100 In-Reply-To: <20160220152832.GA11566@roeckx.be> (Kurt Roeckx's message of "Sat, 20 Feb 2016 16:28:32 +0100") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux) X-MailScanner-ID: 1aXK3r-0005Ig-96 MailScanner-NULL-Check: 1456627675.0722@2ahKsHfD0fkdPIrFZeaKdQ X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:200356 Archived-At: Kurt Roeckx writes: > From what I understand, it is (or was) possible to configure > things in such a way that it uses s_client to set up SSL, even > when it's configured to use gnutls. You should never use s_client > for that. s_client is a debug tool. It does create an SSL > connection for you, but in an insecure way. Emacs has built-in TLS support these days, so s_client is only used if the user (for some weird reason or other) has built or installed a version of Emacs without TLS support. I think that should probably be removed, because it's less secure than users would expect. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no