[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19284: 25.0.50; tls.el uses option --insecure

From: Jens Lechtenboerger
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
Date: Fri, 05 Dec 2014 20:43:09 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

This is a followup to bug#16978, where I reported multiple MITM

tls.el calls gnutls-cli with option --insecure.

As Emacs applies TOFU by default via nsm.el (great work, many
thanks!), the above is dangerous.  I continue to use the following:
(setq tls-program '("gnutls-cli --strict-tofu -p %p %h"))

I’m not sure under what conditions tls.el is necessary.  Is it?

Best wishes

reply via email to

[Prev in Thread] Current Thread [Next in Thread]