Johann 'Myrkraverk' Oskarsson writes:
I'm sure you're all aware of the recent security flaws
exposed with SSL3.
Therefore I have to ask, should we disable SSL2 and SSL3 support in ssl.el?
There's a long thread on this issue on emacs-devel. It was
inconclusive, there are security hawks and doves. larsi and tzz are
busily creating a "network security manager" nsm, though I'm not
terribly impressed with their understanding of security.
My own opinion is that any security measure that interrupts the user's
browsing likely to get disabled, and we really should find better ways
to address these issues.
XEmacs-Beta mailing list