openssl/libssl1 in Debian now blocks offlineimap?

Nicolas Sebrecht nicolas.s-dev at
Tue Aug 15 11:28:26 BST 2017

On Mon, Aug 14, 2017 at 10:05:40PM +0200, Kurt Roeckx wrote:

> On Mon, Aug 14, 2017 at 08:09:38PM +0100, ael wrote:
> > I updated one of my Debian testing machines earlier today, and now 
> > offlineimap cannot connect to at least two imap servers.
> > I appears to be a problem with libssl1.1 and openssl.1.0f-4 which have
> > *disabled* (!) TLS 1.0 and 1.1 : no possibility to switch then back on
> > as far as I know.
> There is currently no way to switch them back.

This is a problem because the deprecation warnings do not hit enough

Instead of warnings, you might like to consider disabling the features
with the possibility to re-enable the legacy behaviour with environment
variables.  This way, you'll make sure that the users would read the

> I'm guessing you have no control over the other side of the
> connection, the imap server? You should tell them to upgrade.

Sure, the best to to have everything upgraded.

The other way is to downgrade openssl on the system.  It might be
possible to use docker or LXC containers based on any older debian or
other distributions.

Nicolas Sebrecht

More information about the OfflineIMAP-project mailing list