[Piers Lauder] Re: imaplib2 support for starttls

Sebastian Spaeth sebastian at sspaeth.de
Wed Apr 13 09:29:49 BST 2011


On Wed, 13 Apr 2011 00:46:20 +0200, Johannes Stezenbach <js at sig21.net> wrote:
> use protocol version TLSv1.  However, the client starts
> with a SSLv2 Client Hello packet with the version field set
> to TLS 1.0 (0x0301).

> But the same issue exists for plain imaps connects, that's
> why I suggested to add a SSL version config option to offlineimap.
> (RFC2246 "TLSv1" appendix E. "Backward Compatibility With SSL"
> says the SSLv2 handshake should be "phased out with all due haste",
> and that was written in 1999!)

I am all for preventing SSLv2 connections. I still think we should be
able to do it without needing a configuration option though (try TLSv1
and SSLv3 and use the first that works).

> BTW, I wonder if the imaplib2 threads should set the daemon flag
> to not prevent python from exiting w/o clean IMAP2.logout()?

Different issue, but yes, that would be good. @Piers, we got a hang in imaplib2 when a signal
handler called system.exit(), so we had to catch an interrupt and
perform a logout() before we allowed offlineimap to exit.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20110413/c3fc5386/attachment-0001.sig>


More information about the OfflineIMAP-project mailing list