From: Hanno Böck
To: gentoo-dev@lists.gentoo.org
Date: Fri, 25 Aug 2017 17:46:01 +0200
Subject: Re: [gentoo-dev] [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols
Message-ID: <20170825174601.6b000c42@pc1>
In-Reply-To: <20170823114602.4b19ebe6b225f4a57af3448e@gentoo.org>

On Wed, 23 Aug 2017 11:46:02 +0300
Andrew Savchenko wrote:

> Sigh... https also makes MITM attacks possible, especially if SSL
> or TLS < 1.2 is used or are allowed and protocol version downgrade
> attack may be performed.

None of that is true. You're probably referring to attacks that were
specific to certain browser weaknesses, but they're irrelevant for this
use case.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42