From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Deprecate TLS1.0 support in emacs Date: Wed, 12 Jul 2017 15:48:35 +0200 Message-ID: <87zic9vk98.fsf@mouse> References: <87o9sp7qok.fsf@gmail.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1499867349 8834 195.159.176.226 (12 Jul 2017 13:49:09 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 12 Jul 2017 13:49:09 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Jul 12 15:49:05 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dVI0n-00020c-CL for ged-emacs-devel@m.gmane.org; Wed, 12 Jul 2017 15:49:05 +0200 Original-Received: from localhost ([::1]:53209 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dVI0s-0000FK-LV for ged-emacs-devel@m.gmane.org; Wed, 12 Jul 2017 09:49:10 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36560) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dVI0b-0000CS-Qu for emacs-devel@gnu.org; Wed, 12 Jul 2017 09:48:54 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dVI0W-0004ZQ-Qx for emacs-devel@gnu.org; Wed, 12 Jul 2017 09:48:53 -0400 Original-Received: from hermes.netfonds.no ([80.91.224.195]:42943) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dVI0W-0004XW-K1 for emacs-devel@gnu.org; Wed, 12 Jul 2017 09:48:48 -0400 Original-Received: from cm-84.209.243.26.getinternet.no ([84.209.243.26] helo=mouse) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dVI0J-0001vU-IE for emacs-devel@gnu.org; Wed, 12 Jul 2017 15:48:39 +0200 In-Reply-To: <87o9sp7qok.fsf@gmail.com> (Robert Pluim's message of "Wed, 12 Jul 2017 15:03:39 +0200") X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:216532 Archived-At: Robert Pluim writes: > whilst investigating another bug, I noticed that > https://lists.gnu.org/ is still using TLS1.0, which is seriously > deprecated. I propose the following patch to make emacs not use TLS1.0 > anymore unless explicitly requested (and someone should update the > settings on lists.gnu.org). As you point out, removing TLS1.0 support from Emacs will make it impossible for people to access common resources like https://lists.gnu.org/ (and many other sites), so I don't think that's a good idea. It might make sense to warn people about these resources not being "secure", though. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no