'[kmail2] [Bug 342567] TLSv1.2 is not used on imap/smtp/managesieve'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [kmail2] [Bug 342567] TLSv1.2 is not used on imap/smtp/managesieve
From:       Teemu Torma <teemu () torma ! org>
Date:       2015-01-09 12:23:11
Message-ID: bug-342567-17878-II4eUdhbJY () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=342567

--- Comment #10 from Teemu Torma <teemu@torma.org> ---
I might add that disabling SSLv3 from auto negotiation has really nothing to do
with it being the only protocol available.  The problem is that
man-in-the-middle can cause the auto negotiation to fail.  Even if both server
and client support TLSv1.2, man-in-the-middle can signal client that protocol
is not supported, thus client tries lower protocol versions until the
connection with SSLv3 succeeds and is vulnerable to POODLE attack.

-- 
You are receiving this mail because:
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic