[Reportbug-maint] Bug#639698: reportbug: STARTTLS failure - continue without TLS
gabster at lelutin.ca
Wed Apr 8 20:13:37 UTC 2015
That sounds like a terrible idea.. unless you meant to make reportbug
try STARTTLS in that case and then fail if this doesn't work.
But if the user asked for an encrypted communication, the app should not
fall back to sending it in clear text. That's the basis of all the
nastiness of downgrade attacks that could happen with STARTTLS and other
protocols that permit this kind of fallback.
The best option here should be to have a clear error message of what
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Reportbug-maint