openssl/libssl1 in Debian now blocks offlineimap?

Nicolas Sebrecht nicolas.s-dev at
Thu Aug 31 17:01:32 BST 2017

On Thu, Aug 31, 2017 at 02:37:56PM +0100, ael wrote:
> On Fri, Aug 18, 2017 at 05:16:02PM +0200, Wouter Verhelst wrote:

> > So ship a version of OpenSSL that ships with TLS1.0 and TLS1.1 (aka
> > TLS1.old) disabled, but *allow people to re-enable it* if things break
> > (without requiring them to compile their own version). By shipping a
> > version of OpenSSL that has TLS1.old not even compiled in, you're not
> > doing that.
> It seems that Kurte has done this: I just discovered a new version in
> unstable. He has provided procedures to permit TLS1.0/1. But the Debian
> offlineimap package in unstable has not been modified to support them,
> so it is still failing. I have submitted a bug report (against the 
> Debian package). The obvious stategy would be to add configuration
> options to .offlineimaprc. Maybe that is something that might be
> supported upstream? Nicolas?

May I have pointers to the changes you've seen? I need to have a look at
how this was done.

If we need to update offlineimap, I'm in favour to support this.
However, it is all Debian specific so this might better be done in
Debian. I don't know, I need to see more. Also, I'm not sure imaplib2
would need to be updated, too.

Nicolas Sebrecht

More information about the OfflineIMAP-project mailing list