SSL protocol version
Johannes Stezenbach
js at sig21.net
Mon Dec 13 14:01:38 GMT 2010
Hi,
the IMAP server I use was updated and now doesn't allow
SSLv2 anymore. Thus I found out that offlineimap
used SSLv2 all the time even though SSLv2 security is
flawed :-(
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security
I think it is either a Python or openssl bug and thus filed
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606962
However, I think it would be good if offlineimap
would support configuring the SSL protocol version,
by default it should not allow to use SSLv2.
Currently I'm busy and cannot implement it myself,
maybe someone else would like to look into it?
Johannes
More information about the OfflineIMAP-project
mailing list