Paul Eggert wrote:
> When it doesn't work, it's because I use Firefox configured
> with security.tls.version.min set to 2, which means to use TLS 1.1 or
> later,

Well, that's a non-default configuration of Firefox :-)

> and whatever lists.gnu.org clone I happen to contact is
> old-fashioned and supports TLS 1.0 at best.

Indeed, the SSL report of ssllabs.com for lists.gnu.org (208.118.235.17) says that the server supports only TLS 1.0.

> No big deal; I wouldn't change the URLs back to HTTP as I expect the
> matter will be fixed sooner or later.

Even if it doesn't get fixed soon: I think it is better if people access a server over HTTPS with TLS 1.0, rather than with HTTP and no encryption at all. Even if ssllabs.com explains [1] that "TLS 1.0 is insecure".

Bruno

[1] https://blog.qualys.com/ssllabs/2015/05/22/ssl-labs-increased-penalty-when-tls-12-is-not-supported