On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx <[email protected]> writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never use s_client > > for that. s_client is a debug tool. It does create an SSL > > connection for you, but in an insecure way. > > Emacs has built-in TLS support these days, so s_client is only used if > the user (for some weird reason or other) has built or installed a > version of Emacs without TLS support. > > I think that should probably be removed, because it's less secure than > users would expect.
This is now a release-blocking bug, but hasn't seen any activity in the
last year or so. It would be good to see this finally fixed!
Obviously, one should never use openssl s_client for stuff like this...
I should also note that even though Emacs 24 supports TLS natively now,
its handling of X509 certificate is really problematic, as documented in
#816063. I would hardly consider it complete.
Emacs 25 doesn't suffer from those issues, but may still allow
s_client...
A.
--
Il est sage de nous réconcilier avec notre adolescence ; haїr, mépriser,
nier ou simplement oublier l’adolescent que nous fûmes est en soi une
attitude adolescente.
- Daniel Pennac, Comme un roman
signature.asc
Description: PGP signature

