On Sun, Jun 21, 2020 at 01:37:53PM +0200, Vincent Lefevre wrote:
> On 2020-06-20 14:49:56 -0700, Kevin J. McCarthy wrote:
> > I've committed a fix: <https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748> but won't be able to make a release for 2-3 days. Packagers may wish to apply the patch. Users encountering the problem should set $ssl_starttls to "ask-yes", "ask-no", or "no" (with caution) for the time being.
>
> Doesn't this need to unset $ssl_force_tls too?
That's true - thank you. In this case $ssl_starttls defaults to 'yes', so it's more likely to cause a problem. But you are right, I should have mentioned $ssl_force_tls also.
> BTW, I don't think that testing $ssl_starttls here is useful, as I've just said in bug 246 <https://gitlab.com/muttmua/mutt/-/issues/246>. Its value alone will not prevent a MITM attack, and this test may annoy users who do not need TLS because the connection is already encapsulated in an encrypted connection.
Sorry, I don't understand this comment. The fix checks for $tunnel, and won't check for either in that case.

The intent of the patch was to prevent a possible MITM in default configuration. Yes, there are other MITMs that aren't mitigated by $ssl_starttls, but this one can be done. The user is free to turn off $ssl_starttls in an account-hook if they know their unencrypted PREAUTH is desired.
-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
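The thread above describes a policy rather than showing it: when a plaintext IMAP connection is greeted with PREAUTH, the client never reaches the login phase where STARTTLS would be negotiated, so the outcome should depend on $tunnel, $ssl_force_tls and the $ssl_starttls quadoption. The following is an added example, not mutt's code from the commit linked above; it models that decision in Python with constructed greeting lines, and the function and option names (`Config`, `preauth_policy`, `parse_greeting`) are assumptions made for illustration. It also covers Vincent's point that $ssl_starttls alone is not the whole story: with $ssl_force_tls set, "no" still aborts.

```python
"""Model of the PREAUTH-vs-STARTTLS decision discussed in the thread.

Constructed example, not mutt's own code. It models how a client could
decide whether to continue a session after the server greeting, given
the $tunnel, $ssl_force_tls and $ssl_starttls settings named in the
thread. All greeting strings below are constructed sample input.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    CONTINUE = "continue"  # proceed with the session
    ABORT = "abort"        # refuse the unencrypted PREAUTH session
    ASK = "ask"            # prompt the user (ask-yes / ask-no)


@dataclass
class Config:
    # Assumed mapping onto the mutt settings mentioned in the thread.
    tunnel: Optional[str] = None   # $tunnel: external command that already protects the transport
    ssl_force_tls: bool = False    # $ssl_force_tls
    ssl_starttls: str = "yes"      # $ssl_starttls quadoption: yes / no / ask-yes / ask-no


def parse_greeting(line: str) -> str:
    """Return the untagged status word of an IMAP greeting (OK, PREAUTH, BYE)."""
    parts = line.strip().split(maxsplit=2)
    if len(parts) < 2 or parts[0] != "*":
        raise ValueError(f"not an IMAP greeting: {line!r}")
    return parts[1].upper()


def preauth_policy(cfg: Config, greeting: str, encrypted: bool) -> Decision:
    """Decide what to do when a server greets with PREAUTH.

    A PREAUTH greeting skips the login phase, which is also where STARTTLS
    would be negotiated, so an injected PREAUTH keeps the session in
    plaintext. The modelled policy (an assumption, not mutt's exact code):
      - $tunnel set: the transport is already protected, no check is made;
      - socket already TLS, or greeting is not PREAUTH: continue;
      - $ssl_force_tls set: abort;
      - $ssl_starttls yes: abort; ask-yes / ask-no: prompt; no: continue.
    """
    status = parse_greeting(greeting)
    if cfg.tunnel or encrypted or status != "PREAUTH":
        return Decision.CONTINUE
    if cfg.ssl_force_tls:
        return Decision.ABORT
    return {
        "yes": Decision.ABORT,
        "ask-yes": Decision.ASK,
        "ask-no": Decision.ASK,
        "no": Decision.CONTINUE,
    }[cfg.ssl_starttls]


# Constructed sample greetings (not captured from any real server).
GREETING_PREAUTH = "* PREAUTH IMAP4rev1 server logged in as user"
GREETING_OK = "* OK [CAPABILITY IMAP4rev1 STARTTLS] server ready"


def run_samples() -> dict:
    """Evaluate the combinations the thread talks about; returns name -> Decision."""
    plain = False  # plaintext socket, no TLS yet
    return {
        "default":            preauth_policy(Config(), GREETING_PREAUTH, plain),
        "ask-yes":            preauth_policy(Config(ssl_starttls="ask-yes"), GREETING_PREAUTH, plain),
        "no":                 preauth_policy(Config(ssl_starttls="no"), GREETING_PREAUTH, plain),
        "no+force_tls":       preauth_policy(Config(ssl_starttls="no", ssl_force_tls=True), GREETING_PREAUTH, plain),
        "tunnel":             preauth_policy(Config(tunnel="ssh mail.example.invalid imapd"), GREETING_PREAUTH, plain),
        "ok-greeting":        preauth_policy(Config(), GREETING_OK, plain),
        "preauth-over-tls":   preauth_policy(Config(), GREETING_PREAUTH, True),
    }


if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(f"{name:18} -> {decision.value}")
```

The "no+force_tls" row is the case Vincent raised: setting $ssl_starttls to "no" alone does not get past the check while $ssl_force_tls is still set. The "tunnel" row is the case Kevin describes, where neither option is consulted because $tunnel is assumed to provide the encryption.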