[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols
From:       Hanno =?UTF-8?B?QsO2Y2s=?= <hanno () gentoo ! org>
Date:       2017-08-25 15:46:01
Message-ID: 20170825174601.6b000c42 () pc1
[Download RAW message or body]


On Wed, 23 Aug 2017 11:46:02 +0300
Andrew Savchenko <bircoph@gentoo.org> wrote:

> Sigh... https also makes MITM attacks possible, especially if SSL
> or TLS < 1.2 is used or are allowed and protocol version downgrade
> attack may be performed.

None of that is true.

You're probably referring to attacks that were specific to certain
browser weaknesses, but they're irrelevant for this use case.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]