Re: Bug#766395: emacs/gnus: Uses s

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From:	Florian Weimer
Subject:	Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date:	Thu, 23 Oct 2014 20:00:08 +0200

* Richard Stallman:

> I've read that falling back to ssl3 is a real security hole,
> being exploited frequently.  That feature should be removed.

GNUTLS automatically and securely upgrades to a TLS protocol if
supported by the server.  Dropping SSL 3.0 support altogether will
only encourage unencrypted connections instead.  Furthermore, SSL 3.0
is certainly not an ideal design, but neither is TLS 1.0.  Only
TLS 1.1 and later attempt to fix the padding issue, and support for
those versions is still poor in servers.  Fortunately, the padding
issues are only exploitable under fairly narrow circumstances.
Most applications (except web browsers) use SSL 3.0 in such a way that
the attack described in the POODLE paper does not apply.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Rob Browning, 2014/10/22
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Rob Browning, 2014/10/22
  - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Ted Zlatanov, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Rob Browning, 2014/10/23
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stefan Monnier, 2014/10/22
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Andreas Schwab, 2014/10/22
  - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Andreas Schwab, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Lars Magne Ingebrigtsen, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stefan Monnier, 2014/10/23
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Richard Stallman, 2014/10/23
  - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer <=
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Kurt Roeckx, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Kurt Roeckx, 2014/10/23
    - Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/23

Prev by Date: eww.el: autoload eww-list-bookmarks
Next by Date: Re: switching marmalade to https
Previous by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Next by thread: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Index(es):
- Date
- Thread