|
From: | 김민우 |
Subject: | Re: Getting SSL test A+ grade on elpa.gnu.org |
Date: | Thu, 26 Nov 2020 15:21:34 +0900 |
> elpa.gnu.org is supporting insecure TLS 1.0 and TLS 1.1, and does not
> support Forward Secrecy on every device, so It got a B grade on Qualys
> Labs' SSL Test (
> https://www.ssllabs.com/ssltest/analyze.html?d=elpa.gnu.org&s=209.51.188.89&latest).
> It could have a bad effect on security and privacy for emacs users. Would
> you apply only TLS 1.3 on elpa.gnu.org?
*only* TLS 1.3 would be a bit harsh, I think.
김민우 <kmwyard@gmail.com> writes:
> elpa.gnu.org is supporting insecure TLS 1.0 and TLS 1.1, and does not
> support Forward Secrecy on every device, so It got a B grade on Qualys
> Labs' SSL Test (
> https://www.ssllabs.com/ssltest/analyze.html?d=elpa.gnu.org&s=209.51.188.89&latest).
> It could have a bad effect on security and privacy for emacs users. Would
> you apply only TLS 1.3 on elpa.gnu.org?
*only* TLS 1.3 would be a bit harsh, I think.
Robert
[Prev in Thread] | Current Thread | [Next in Thread] |