SSL protocol version

Johannes Stezenbach js at sig21.net
Mon Dec 13 14:01:38 GMT 2010


Hi,

the IMAP server I use was updated and now doesn't allow
SSLv2 anymore.  Thus I found out that offlineimap
used SSLv2 all the time even though SSLv2 security is
flawed :-(
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security

I think it is either a Python or openssl bug and thus filed
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606962

However, I think it would be good if offlineimap
would support configuring the SSL protocol version,
by default it should not allow to use SSLv2.
Currently I'm busy and cannot implement it myself,
maybe someone else would like to look into it?


Johannes




More information about the OfflineIMAP-project mailing list