[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecate TLS1.0 support in emacs

From: Robert Pluim
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Mon, 07 Aug 2017 11:54:22 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> On Thu, 03 Aug 2017 23:17:13 -0400 Stefan Monnier <address@hidden> wrote: 
> SM> I generally agree on the principle, but at the same time I wonder what
> SM> actions would make sense: there are basically 2 applicable actions, one
> SM> of which (contact the webmaster to suggest upgrading to a better
> SM> protocol) is difficult to automate.
> I would suggest these possible actions:
> * don't warn me about this site anymore and proceed (whitelist)
> * don't warn me about TLS 1.0 issues for (dropdown: 1 day, 3 days, 1 month)
> * don't warn me about this site for (dropdown: 1 day, 3 days, 1
> month)

I don't think I'd ever want this to be time-based. For me it's all
subsumed by this one:

> * proceed this once

since I'll want to revisit my decision the next time I connect,
whenever that is.

> * blacklist site as long as it uses TLS1.0; abort connection; never notify
> * blacklist TLS1.0 globally; abort all such connections; never notify

These seem a little drastic, even to me :-) You can achieve almost
this already by customizing gnutls-algorithm-priority

BTW, Debian unstable just started the process of removing support for
TLS1.0 *and* TLS1.1 from OpenSSL, I assume the equivalent GnuTLS
change is not far behind:




reply via email to

[Prev in Thread] Current Thread [Next in Thread]