Control: retitle -1 SSL handshakes fails when talking to ISPs with a strict cipher suite Control: tag -1 + moreinfo
Hi, Ricardo Mones wrote (03 Nov 2014 22:58:15 GMT) : > On Mon, 03 Nov 2014 21:53:05 +0400 > randomnoize <[email protected]> wrote: >> Riseup.net doesn't use STARTTLS, SSL for POP3/IMAP only, and that option >> can't be selected from current version of claws-mail Actually, the bug title is wrong: Claws Mail from Wheezy works fine with IMAP providers that have disabled SSLv2 and SSLv3. However, it isn't able to negotiate a shared cipher if the ISP has a strict ciphers list, e.g. if they have "!SHA1". > Anyway, since you already know this is already fixed in a newer version like > current testing, what's your expected result from this bug report? The Internet is a moving target, and users may expect that software shipped in Debian stable is adjusted, whenever needed, to go on inter-operating with other parties who have made sensible security decisions. In practice, not doing that on the client site effectively blocks some other ISPs from making the security decisions that would be appropriate. Of course, maintainers' time may be scarce, they might not be willing to prioritize what's already in Debian stable, and the effort needed to get the needed updates in stable can sometimes be overwhelming. If that's the case, IMO a bug report like this very one is useful to document the (known) problem, and to make others aware that the maintainers are not willing or able to deal with it in stable. So, if you, as the maintainer, are not willing / able to deal with this problem in stable, I suggest you tag this bug "help"... and perhaps give us some pointers wrt. what you expect may be hard in dealing with it :) Thanks in advance. Cheers, -- intrigeri -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

