On Thu, Jun 03, 2021 at 11:42:25AM -0400, Andrew D. Arenson wrote:
Update: Setting both of the following solves the first problem: "Encrypted connection unavailable"

set ssl_starttls=no
set ssl_force_tls=no
1.13.0 changed $ssl_force_tls to default set. This was backed out in 1.13.4. However, I re-enabled it to default set in the 2.0.0 release.
Unencrypted connections will need to turn $ssl_force_tls off.
I'm guessing this is related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963107, but I don't know exactly how. Perhaps my use case of connecting to davmail is unusual, or maybe I'm doing something insecure with davmail that I'm unaware of. Thoughts about that are appreciated.
That bug report is from a CVE fixed in 1.14.3. The fix was backported but then a regression was discovered and fixed in 1.14.5. I believe Debian did backport the regression fix too.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA