On 2017-07-12 12:15:52 +0200, Olaf Hering wrote:
> On Wed, Jul 12, Vincent Lefevre wrote:
> > "If you connect to a server and use GnuTLS' functions to verify the
> > certificate chain, and get a GNUTLS_CERT_INSECURE_ALGORITHM validation
> > error (see Verifying X.509 certificate paths), it means that somewhere
> > in the certificate chain there is a certificate signed using RSA-MD2
> > or RSA-MD5. These two digital signature algorithms are considered
> > broken, so GnuTLS fails verifying the certificate."
> 
> It is unlikely that all four used IMAP servers have this issue. But,
> what do I know about security.

It depends whether they are set up by the same people.

But you can check the details with "openssl s_client -connect ...",
for instance ("man s_client" for usage).

> I posted the backtrace. gnutls deals with the timeout, openssl does not.

OK, indeed, it is blocked inside the library.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
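
Added example, not part of the original message: one way to do the "openssl s_client" check suggested above, listing the signature algorithm of every certificate the server sends and flagging RSA-MD2 and RSA-MD5, the two named in the quoted GnuTLS text. The function names are hypothetical, the sample input is constructed, and fetch_chain_text (which needs network access) is defined but not called.

```shell
#!/bin/sh
# Added example: report the signature algorithm of each certificate in a
# chain and flag the ones behind GNUTLS_CERT_INSECURE_ALGORITHM.

# Fetch the chain a server presents and dump it as text.
# $1 is host:port (assumption: an implicit-TLS port such as IMAPS).
fetch_chain_text() {
    openssl s_client -connect "$1" -showcerts </dev/null 2>/dev/null |
        openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
        openssl pkcs7 -print_certs -text -noout
}

# Read `openssl ... -text` output on stdin, print "N ALGORITHM VERDICT".
# Each certificate prints "Signature Algorithm:" twice (inside the signed
# data and for the outer signature); "Certificate:" resets the flag so
# only the first occurrence per certificate is reported.
report_sigalgs() {
    awk '
        /^ *Certificate:/ { seen = 0 }
        /Signature Algorithm:/ && !seen {
            seen = 1; n++
            alg = $NF
            verdict = (alg ~ /^md[25]WithRSAEncryption$/) ? "INSECURE" : "ok"
            print n, alg, verdict
        }'
}

# Number of certificates on stdin signed with RSA-MD2 or RSA-MD5.
count_insecure() {
    report_sigalgs | awk '$3 == "INSECURE" { c++ } END { print c + 0 }'
}

# Constructed sample, trimmed to the lines the parser looks at.
SAMPLE='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
    Signature Algorithm: md5WithRSAEncryption'

printf '%s\n' "$SAMPLE" | report_sigalgs
```

Against a real server the same report comes from: fetch_chain_text host:port | report_sigalgs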
