From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Fri, 24 Oct 2014 09:35:29 -0400
To: Richard Stallman
Cc: 766397@bugs.debian.org, 766397-forwarded@bugs.debian.org, kurt@roeckx.be, Rob Browning, emacs-devel@gnu.org

On Thu, 23 Oct 2014 12:34:38 -0400 Richard Stallman wrote:

RS> I've read that falling back to ssl3 is a real security hole,
RS> being exploited frequently. That feature should be removed.

That's not really relevant to the bug report, but with GnuTLS you use
priority strings to control this. Nikos, the GnuTLS maintainer, asked
for feedback on disabling it in the default priority string in the
mailing list:

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7732

If you're using the Emacs GnuTLS integration, you simply set the
priority string through `gnutls-algorithm-priority' to what works for
you; for example "SECURE256:-VERS-SSL3.0". I'd rather wait for the
final decision from the GnuTLS maintainer than change the Emacs default.

If you're using the external s_client, you need to customize its
invocation accordingly.

HTH
Ted
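
The two settings described in the message above, with a check of what a connection actually negotiates. This is an added example, not part of the original message or of Emacs itself. It assumes Emacs 25 or later built with GnuTLS and the `tls-program' variable from tls.el; the helper name `my/tls-negotiated-protocol' and the host in the usage comment are hypothetical.

```elisp
;; Added example: disable SSLv3 on both TLS paths Emacs can take.
(require 'gnutls)

;; Built-in GnuTLS integration: the priority string from the message.
;; "-VERS-SSL3.0" removes SSL 3.0 from the protocol versions offered.
(setq gnutls-algorithm-priority "SECURE256:-VERS-SSL3.0")

;; External-program path (tls.el): keep a single s_client command that
;; refuses SSLv2 and SSLv3, so there is no weaker command to fall back to.
(setq tls-program
      '("openssl s_client -connect %h:%p -no_ssl2 -no_ssl3 -ign_eof"))

(defun my/tls-negotiated-protocol (host port)
  "Connect to HOST:PORT over TLS and return the negotiated protocol name.
Hypothetical helper.  Returns nil when the connection was not made
through the built-in GnuTLS integration."
  (let ((proc (open-network-stream "tls-check" nil host port :type 'tls)))
    (unwind-protect
        ;; `gnutls-peer-status' returns a plist describing the session;
        ;; its :protocol entry is a string such as "TLS1.2".
        (plist-get (gnutls-peer-status proc) :protocol)
      (delete-process proc))))

;; Usage, against a server you operate (placeholder host):
;;   (my/tls-negotiated-protocol "mail.example.org" 993)
;; With the priority string above the result should never be "SSL3.0";
;; a server that only speaks SSLv3 makes the handshake fail instead.
```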