[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS/TLS proposals for after the release

From: Robert Pluim
Subject: Re: GnuTLS/TLS proposals for after the release
Date: Thu, 07 Jul 2016 10:10:32 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.95 (gnu/linux)

John Wiegley <address@hidden> writes:

>>>>>> Ted Zlatanov <address@hidden> writes:
>> They have different purposes: (1) is to make tls.el, which uses command-line
>> tunnels, more noisy by default, so users are led to the C bindings to GnuTLS
>> (gnutls.el). (2) is to disable SSLv3 in tls.el. (3) is to change the
>> variables in gnutls.el a bit to make customization and future work easier.
>> (3) is the only risky one because it affects user customizations, but I
>> think we have to bite that buller sooner or later.
> OK. Does anyone else have a reason to object to these changes?

rfc7568 says, with good reason:

>3.  Do Not Use SSL Version 3.0
>   SSLv3 MUST NOT be used.  Negotiation of SSLv3 from any version of TLS
>   MUST NOT be permitted.

so I definitely vote for disabling SSLv3 (and rapidly deprecating


reply via email to

[Prev in Thread] Current Thread [Next in Thread]