[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] [feature-request] Implement newer TLS Version in neawsre
|
From: |
Duncan |
|
Subject: |
Re: [Pan-users] [feature-request] Implement newer TLS Version in neawsreader pan? |
|
Date: |
Thu, 6 Jul 2017 02:30:59 +0000 (UTC) |
|
User-agent: |
Pan/0.142 (He slipped to Sam a double gin; b8c8c8ef0) |
Duncan posted on Thu, 06 Jul 2017 01:14:18 +0000 as excerpted:
> FWIW I think the optimum, if it's not too difficult to achieve, would be
> to let it be auto-negotiated, of course favoring the newer versions if
> the server supports them as well. If getting the negotiation right is
> too difficult, I'd suggest making it configurable, at /least/ via file,
> but of course I'd personally prefer gui.
Thinking about it a bit more...
Even better would be auto-negotiation, but with a configured minimum
version, which would of course default to 1.0 for backward compatibility,
but users could up that to 1.3 or whatever if they knew their provider
supported it. Then if pan couldn't negotiate the configured minimum,
instead of falling back to something less secure it'd hard-fail.
Then the configuration could be servers.xml only without either
regression if only the existing 1.0 was server-supported, or too big a
security compromise if higher was, because the auto-negotiation would
then get that, for gui-only users.
I believe that'd be my ideal, with gui or no-gui config left up to a vote
here or the person doing the patch, I guess.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman