Control: retitle -1 SSL handshakes fails when talking to ISPs with a strict 
cipher suite
Control: tag -1 + moreinfo

Hi,

Ricardo Mones wrote (03 Nov 2014 22:58:15 GMT) :
> On Mon, 03 Nov 2014 21:53:05 +0400
> randomnoize <[email protected]> wrote:

>> Riseup.net doesn't use STARTTLS, SSL for POP3/IMAP only, and that option
>> can't be selected from current version of claws-mail

Actually, the bug title is wrong: Claws Mail from Wheezy works fine
with IMAP providers that have disabled SSLv2 and SSLv3. However, it
isn't able to negotiate a shared cipher if the ISP has a strict
ciphers list, e.g. if they have "!SHA1".

> Anyway, since you already know this is already fixed in a newer version like
> current testing, what's your expected result from this bug report?

The Internet is a moving target, and users may expect that software
shipped in Debian stable is adjusted, whenever needed, to go on
inter-operating with other parties who have made sensible security
decisions. In practice, not doing that on the client site effectively
blocks some other ISPs from making the security decisions that would
be appropriate.

Of course, maintainers' time may be scarce, they might not be willing
to prioritize what's already in Debian stable, and the effort needed
to get the needed updates in stable can sometimes be overwhelming.
If that's the case, IMO a bug report like this very one is useful to
document the (known) problem, and to make others aware that the
maintainers are not willing or able to deal with it in stable.

So, if you, as the maintainer, are not willing / able to deal with
this problem in stable, I suggest you tag this bug "help"... and
perhaps give us some pointers wrt. what you expect may be hard in
dealing with it :)

Thanks in advance.

Cheers,
--
intrigeri


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to