Support for TLS

Sebastian Spaeth Sebastian at SSpaeth.de
Wed Jan 26 08:36:28 GMT 2011


On Tue, 25 Jan 2011 21:58:38 +0100, Johannes Stezenbach <js at sig21.net> wrote:
> I'm not sure how this is supposed to work in openssl either.  All
> I know is that the IMAP server I use was upgraded and the new
> version immediately disconnects when it sees an SSLv2 client hello.
> That's how I found out offlineimap was trying to connect using SSLv2.

OK, so what we should be doing then is to first try with TLSv1
explicitly and if that fails, we try to connect with SSLv3.

Or the other way round? 

Or should we poke the server the first time we connect
and cache the type that we can use somewhere so we don't have to find
that out on each and every run?

The last option would be the most complex, but probably the most
efficient in terms of app runtime.

What would people prefer?

> SSLv2 is broken, no one should use it.

Right, so I think we should remove support for it in the next major
version then. Thanks for confirming that.

Sebastian
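
The third option from the message above (probe the server once and cache the result), as an added example that is not part of the original post or of OfflineIMAP's code. The `connect` callable, the cache file layout and all names are assumptions made for illustration; the protocol order is the one proposed in the message.

```python
import json
import os
import tempfile

# Order taken from the message: TLSv1 first, then SSLv3. SSLv2 is never tried.
PROTOCOL_ORDER = ["TLSv1", "SSLv3"]


class ProtocolCache:
    """Remembers, per host:port, which protocol last connected successfully."""

    def __init__(self, path):
        self.path = path
        try:
            with open(path) as fh:
                self.data = json.load(fh)
        except (OSError, ValueError):
            self.data = {}  # missing or corrupt cache: just probe again

    def get(self, key):
        value = self.data.get(key)
        # Ignore anything not in the allowed list (e.g. a stale "SSLv2" entry).
        return value if value in PROTOCOL_ORDER else None

    def put(self, key, protocol):
        self.data[key] = protocol
        # Write atomically so an interrupted run cannot leave a partial file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(self.data, fh)
        os.replace(tmp, self.path)


def connect_with_cache(host, port, connect, cache):
    """connect(host, port, protocol) is a hypothetical callable that returns a
    connection or raises OSError (ssl.SSLError is a subclass of OSError)."""
    key = "%s:%d" % (host, port)
    cached = cache.get(key)
    # Cached protocol first; the others follow, so a server upgrade that drops
    # the cached protocol triggers a fresh probe instead of a hard failure.
    candidates = ([cached] if cached else []) + [p for p in PROTOCOL_ORDER if p != cached]
    for protocol in candidates:
        try:
            conn = connect(host, port, protocol)
        except OSError:
            continue
        if protocol != cached:
            cache.put(key, protocol)
        return conn, protocol
    raise OSError("no supported protocol accepted by %s" % key)
```

A cached entry is only replaced when it stops working, so a cache holding SSLv3 keeps using it even after the server gains TLSv1.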