Re: Disable SSL2 and SSL3 in ssl.el?

Johann 'Myrkraverk' Oskarsson writes: *sigh* What the big browsers do in their bleeding edge version is not the relevant information. What matters is what is happening where our users live, and there is some evidence (eg, the discussions on Python-Dev) that many corporations' intranets remain a big mess[1], and those are precisely the places that are conservative about upgrading things like browsers. Perhaps they would be equally conservative about upgrading Emacsen, but the folks I know who have worked in those environments think that Emacsen tend to get upgraded somewhat faster because the users are more sophisticated and/or have more power over what's installed on their machines. Again, not really the interesting information. What is interesting is which sites still speak only obsolete versions of SSL and versions of TLS that are considered vulnerable, and whether our users need to access those sites. I don't want to hold anything back. I want to avoid screwing our users by removing support for something that (they think) they need. I don't care if the default is to not support those protocols, but a minimum level of support for XEmacs is a `supported-tls-protocols' variable (name is up for grabs, of course) which has a choice customization widget providing the obsolete protocols as options (along with a warning as big and red as you like in the doc for each option). Footnotes: [1] Including some like Google! _______________________________________________ XEmacs-Beta mailing list XEmacs-Beta(a)xemacs.org http://lists.xemacs.org/mailman/listinfo/xemacs-beta