[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From: Perry E. Metzger
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Thu, 23 Oct 2014 14:37:02 -0400

On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer <address@hidden>
> * Richard Stallman:
> > I've read that falling back to ssl3 is a real security hole,
> > being exploited frequently.  That feature should be removed.
> GNUTLS automatically and securely upgrades to a TLS protocol if
> supported by the server.  Dropping SSL 3.0 support altogether will
> only encourage unencrypted connections instead.

I disagree. It will encourage people to upgrade from a flawed
protocol to one that works. Many people running servers are utterly
unaware that there's anything wrong with what they're using right now
-- if you leave in support forever, they'll never figure it out.

Perry E. Metzger                address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]