Johann 'Myrkraverk' Oskarsson writes:
Then why don't you make an informed decision?
In Chrome, SSL3 will be disabled in version 39, and gone completely
in 40, according to this:
*sigh* What the big browsers do in their bleeding edge version is not
the relevant information. What matters is what is happening where our
users live, and there is some evidence (eg, the discussions on
Python-Dev) that many corporations' intranets remain a big mess,
and those are precisely the places that are conservative about
upgrading things like browsers. Perhaps they would be equally
conservative about upgrading Emacsen, but the folks I know who have
worked in those environments think that Emacsen tend to get upgraded
somewhat faster because the users are more sophisticated and/or have
more power over what's installed on their machines.
Some websites that already don't speak ssl3:
And neither does my bank.
Again, not really the interesting information. What is interesting is
which sites still speak only obsolete versions of SSL and versions of
TLS that are considered vulnerable, and whether our users need to
access those sites.
SSL3 is almost 18 years old, and the world is moving on. Why do you
want to hold ssl.el back?
I don't want to hold anything back. I want to avoid screwing our
users by removing support for something that (they think) they need.
I don't care if the default is to not support those protocols, but a
minimum level of support for XEmacs is a `supported-tls-protocols'
variable (name is up for grabs, of course) which has a choice
customization widget providing the obsolete protocols as options
(along with a warning as big and red as you like in the doc for each
 Including some like Google!
XEmacs-Beta mailing list