[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecate TLS1.0 support in emacs
From: |
Robert Pluim |
Subject: |
Re: Deprecate TLS1.0 support in emacs |
Date: |
Tue, 01 Aug 2017 15:01:24 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Lars Ingebrigtsen <address@hidden> writes:
> Robert Pluim <address@hidden> writes:
>
>> Ping? I'd like to improve the default communication security settings
>> of Emacs, the current state is too insecure for my liking.
>
> My feeling, as I think I said, is that it's premature to warn about
> things like TLS1.0 in an intrusive manner. There's too many sites out
> there that still use that protocol, and warning too much is no help for
> our users.
There are still many sites like that, but if we don't warn people
about them, there will never be any pressure on their owners to
upgrade to TLS1.2, or stop using SHA-1, or increase DH key size.
How about warning as in my patch, but only at network-security-level
>= high? And revisit the level later?
Regards
Robert
- Re: Deprecate TLS1.0 support in emacs, Robert Pluim, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Lars Ingebrigtsen, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs,
Robert Pluim <=
- Re: Deprecate TLS1.0 support in emacs, Paul Eggert, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Lars Ingebrigtsen, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Robert Pluim, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Stefan Monnier, 2017/08/01
- Re: Deprecate TLS1.0 support in emacs, Lars Ingebrigtsen, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Stefan Monnier, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Ted Zlatanov, 2017/08/03
- Re: Deprecate TLS1.0 support in emacs, Eli Zaretskii, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Ted Zlatanov, 2017/08/04
- Re: Deprecate TLS1.0 support in emacs, Eli Zaretskii, 2017/08/04