Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

[Kurt Roeckx]

On Thu, Oct 23, 2014 at 04:26:16PM -0400, Perry E. Metzger wrote:
> To reiterate: all the major sites already use TLS 1.2 with AES.

We don't only care about "major sites", there are plenty of
other sites.  But if you count youtube as a major site it will
talk RC4 to Firefox.  Bug agl announced that that is about to
change soon.

But you really should look at the stats of the "top 1 million"
sites I posted earlier if you want to know the state of the "major
sites".

> Ceasing to use
> SSL 3.0 is simple (even ceasing to use TLS 1.0 and 1.1 is simple but
> we're talking about SSL 3.0 here).

Ceasing to use TLS 1.0 is not simple.  Only about 50% of the
servers support higher version.  So we still need to support
TLS 1.0.  As Florian stated openssl 0.9.8 does not support TLS
1.1 or newer and 0.9.8 is still used way too much.

> So, why do we need to support SSL
> 3.0 again? What's the rationale, other than making the lives of
> attackers easy?

I'm all for dropping SSL 3.0 support and I disabled it in openssl
in Debian testing and unstable.  This was already planned for some
time, and the POODLE attack made me just do it.

But if your concern is about the POODLE attack, please note that
the attack requires many connection attemps where the attacker has
control over the plaintext that is being send.  This is relativly
easy to exploit in a browser but I don't know of any attack where
this can be done outside a browser.  So you want to do 1 or more
of the following:
- Disable SSLv3 in your browser
- Disable SSLv3 in your webserver
- Disable javascript

When talking about HTTPS there are clients and servers that
support SSL 3.0 but don't support TLS 1.0.  But the stats say it's
less than 1% for both of them.  Some people will care about that
1%, others won't.


Kurt