SSL fingerprint verification

Daniel Shahaf d.s at
Tue Aug 30 21:13:16 BST 2011

Sebastian Spaeth wrote on Tue, Aug 30, 2011 at 22:03:45 +0200:
> On Tue, 30 Aug 2011 17:17:59 +0200, Johannes Stezenbach <js at> wrote:
> > Yes, it is of interest.  A few comments, though:
> Cool.
> > - I'd prefer SHA-1 over MD5 since MD5 is weaker
> >   (actually SHA-256 might be an even better choice, but MD5 and SHA-1
> >   are commonly used for certificate fingerprints)
> I don't care which we use. Fortunately we depend on python >=2.5 now and
> its hashlib has all the algos available. sha1 or sha256 all sounds good
> to me.

It might be easier to obtain the sha1 fingerprint via other tools, so
perhaps both sha1 and sha256 could be supported at the same time?  ie,
check whichever of the two is provided?

More information about the OfflineIMAP-project mailing list