Mats Lidell writes:
>>>>> Stephen J Turnbull <stephen(a)xemacs.org>
> I don't want to hold anything back. I want to avoid screwing our
> users by removing support for something that (they think) they need.
At the same time we would want to help the users do informed decisions
so that they not by mistake use not secure protocols. So it is a
As I say, I don't care about the default. Default off, let people who
know why they need it opt in.
BTW, informed decisions are nice, but the human factors research with
respect to security is very discouraging. For 90% of users-off-the-
street (which admittedly is not likely to be representative of XEmacs
users), the cost of two keystrokes beats risking having your bank
account emptied. Specifically, most users are completely unaware of
the difference between http: and https: URLS (which, believe it or
not, is apparently *made worse* by the practice of some browsers of
displaying the scheme "https://" but not the scheme "http://"), and
not know how to interpret the little lock symbol. That means that if
SSL2/3 are not available, 90% of users will happily fall back to
unencrypted connections to get their work done. :-(
Bottom line: disabling buggy encryption protocols is not a no-brainer.
These days I'd say the odds strongly favor defaulting SSL2/3 *off*.
I'm not ready to remove them, though. TLS 1.0 has some known
issues, too, but I don't think we can default that off yet.
However we also have the problem that not all encrypted traffic
through ssl.el. So we would have to see to so that
supported-tls-protocols is respected by all places where encrypted
traffic takes place.
I think if you're that worried about security, you shouldn't being
using Emacsen at all. Half-joking, of course, but really, if there's
real insecurity in your system, Emacs use is a crack waiting to
happen. Are all your elisp files secure? Are you *sure*? Do you
have a list of SHA1s on readonly material, and verify your elcs
against them whenever you load?
I have also been ignorant and not been looking into the tls-support
recently added to the core. So I don't know if that is applicable here
but from the name is sounds like we should start using that and only
fall back to ssl, and other implementations (openssl!?), if the user
The core support *is* OpenSSL (or nss or gnutls), and they all support
the older protocols. The problem with OpenSSL is that in the 0.9.x
series, which is still prevalent on many platforms, the default at the
library level is to fall all the way back to SSL2. I'm not even sure
when TLS 1.0 support was added; Mac OS X Tiger and Leopard (maybe even
Snow Leopard) may not even *have* proper TLS support. OTOH, OpenSSL
1.01j is state-of-the-art in this respect (including the fix for
OTOH, AFAIK none of the packages we can use refuse to make a
connection if they can't verify the signature back to a known root
certificate. Anybody can self-sign, so spoofing via cousin domains
(YourBank.com.my, anyone?) is trivial.
 IIRC. I'm sure I recall somebody on Python-Dev advocating
disabling one of the TLS versions.
XEmacs-Beta mailing list