GNU bug report logs - #20078
imap with openssl


Package: emacs;

Reported by: William F Hammond <gellmu <at> gmail.com>

Date: Wed, 11 Mar 2015 03:05:04 UTC

Severity: important

Tags: security

Merged with 21134

Found in version 24.5

Fixed in version 25.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: William F Hammond <gellmu <at> gmail.com>
To: 20078 <at> debbugs.gnu.org
Subject: bug#20078: imap with openssl
Date: Tue, 10 Mar 2015 19:31:51 -0700
I've been using imap with openssl happily for about 15 years.

Recently it stopped working with a very well-known mail host.  A friend who
is usually on top of these things tells me that there is a vulnerability
named "poodle" when using the -ssl3 option of openssl s_client and one
should now have at the top of the list
imap-ssl-program (in imap.el) the following:

         "openssl s_client -quiet -tls1 -connect %s:%p"

He hastens to point out that the option -tls1 does not mean that one is
using tls rather than ssl -- a statement that means little to me.

Meanwhile, without the latest imap.el one can patch this easily enough in
.gnus by cons-ing the new string into imap-ssl-program AFTER manually
loading imap.

-- 
William F Hammond
Email: gellmu <at> gmail.com
https://www.facebook.com/william.f.hammond
http://www.albany.edu/~hammond
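
The `.gnus` workaround described in the report, written out as an added example (not part of the original message and not code from imap.el). It goes one step beyond the report by also dropping the `-ssl2`/`-ssl3` entries, on the assumption that imap.el tries the listed commands in order and would otherwise fall back to them.

```elisp
;; Added example for ~/.gnus; not taken from imap.el or the bug report.
;; Runs only once imap.el has been loaded, so the default value of
;; `imap-ssl-program' already exists when it is modified.
(with-eval-after-load 'imap
  (let ((tls-cmd "openssl s_client -quiet -tls1 -connect %s:%p")
        ;; `imap-ssl-program' may be a single string or a list of strings.
        (old (if (listp imap-ssl-program)
                 imap-ssl-program
               (list imap-ssl-program)))
        (kept nil))
    (dolist (cmd old)
      ;; Assumption: entries are tried in order, so any remaining
      ;; -ssl2/-ssl3 command would be a fallback path. Drop those,
      ;; and skip a duplicate of the TLS command.
      (unless (or (string-match-p "-ssl[23]\\b" cmd)
                  (string= cmd tls-cmd))
        (push cmd kept)))
    ;; The TLS command goes to the top of the list, as in the report.
    (setq imap-ssl-program (cons tls-cmd (nreverse kept)))))
```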

This bug report was last modified 9 years and 152 days ago.
