CUPS is now linked against OpenSSL

Henrique de Moraes Holschuh hmh at
Tue Jan 14 11:43:23 UTC 2014

On Tue, 14 Jan 2014, Jakub Wilk wrote:
> * Daniel Kahn Gillmor <dkg at>, 2014-01-13, 23:03:
> >if the only axis we're measuring along is cryptographic security,
> >then protecting against passive attackers (eavesdroppers) is
> >clearly better than not doing so.
> >
> >but if people think that CUPS' TLS protects them against active
> >attackers, and they use that to do things like send confidential
> >information over the link, they have been lulled into a false
> >sense of security.
> Hear, hear.
> So, how would people feel about the following policy:
> TLS clients must either:
> - validate server certificates;
> - or prominently document that they don't do that?

As in log "unsafe TLS connection to <foo>"?

Because anything less than that would not be effective at all.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

More information about the Pkg-gnutls-maint mailing list