Re: Bug#766395: emacs/gnus: Uses s

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From:	Lars Magne Ingebrigtsen
Subject:	Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date:	Sun, 26 Oct 2014 12:42:50 +0100
User-agent:	Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Florian Weimer <address@hidden> writes:

> Uhm, if this happens, the server has been downgraded.  The handshake
> will fail if a man-in-the-middle attempts to force the use of SSL 3.0,
> and both ends support something newer.  (As far as I can tell, Emacs
> does not implement the vulnerable protocol downgrade code, unlike
> browsers.)

Oh.  Than what's all this fuss about, then?  Just the normal churn of
"security professional" drama?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., (continued)

Prev by Date: Re: Git transition
Next by Date: Re: Git transition
Previous by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Next by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Index(es):
- Date
- Thread