[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From: Antoine Beaupre
Subject: Re: Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Wed, 22 Feb 2017 15:38:17 -0500
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote:
> Kurt Roeckx <address@hidden> writes:
> > From what I understand, it is (or was) possible to configure
> > things in such a way that it uses s_client to set up SSL, even
> > when it's configured to use gnutls.  You should never use s_client
> > for that.  s_client is a debug tool.  It does create an SSL
> > connection for you, but in an insecure way.
> Emacs has built-in TLS support these days, so s_client is only used if
> the user (for some weird reason or other) has built or installed a
> version of Emacs without TLS support.
> I think that should probably be removed, because it's less secure than
> users would expect.

This is now a release-blocking bug, but hasn't seen any activity in the
last year or so. It would be good to see this finally fixed!

Obviously, one should never use openssl s_client for stuff like this...
I should also note that even though Emacs 24 supports TLS natively now,
its handling of X509 certificate is really problematic, as documented in
#816063. I would hardly consider it complete.

Emacs 25 doesn't suffer from those issues, but may still allow


Il est sage de nous réconcilier avec notre adolescence ; haїr, mépriser,
nier ou simplement oublier l’adolescent que nous fûmes est en soi une
attitude adolescente.
                        - Daniel Pennac, Comme un roman

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]