Comment 11 for bug 1188189

Jeremy Stanley (fungi) wrote :

SSL/TLS capability likely still needs to remain available for compatibility with third-party systems, where administrators may be deploying canned configurations with all plaintext protocols disabled. I agree the short-term fix is to disable any default unauthenticated encryption across the board, surround the config knobs for it with shouty disclaimers, and possibly also log warning/info level messages when services are started running in this manner.

Long-term fix is of course to pathologically assume compromised/hostile internal networks, encrypt everywhere and perform peer validation using some pluggable mechanism (Kerberos, private CA, DNSSEC+SSHFP, whatever) but I expect that's a very long way off.