Re: GnuTLS/TLS proposals for after the release
From: Robert Pluim
Subject: Re: GnuTLS/TLS proposals for after the release
Date: Thu, 07 Jul 2016 10:10:32 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.95 (gnu/linux)

John Wiegley <address@hidden> writes:
>>>>>> Ted Zlatanov <address@hidden> writes:
>
>> They have different purposes: (1) is to make tls.el, which uses command-line
>> tunnels, more noisy by default, so users are led to the C bindings to GnuTLS
>> (gnutls.el). (2) is to disable SSLv3 in tls.el. (3) is to change the
>> variables in gnutls.el a bit to make customization and future work easier.
>> (3) is the only risky one because it affects user customizations, but I
>> think we have to bite that bullet sooner or later.
>
> OK. Does anyone else have a reason to object to these changes?

RFC 7568 says, with good reason:

>3. Do Not Use SSL Version 3.0
>
> SSLv3 MUST NOT be used. Negotiation of SSLv3 from any version of TLS
> MUST NOT be permitted.

so I definitely vote for disabling SSLv3 (and rapidly deprecating
tls.el).

Robert