GNU bug report logs - #21134
24.5; Default value of imap-ssl-program

Previous Next

Package: emacs;

Reported by: Milan Zamazal <pdm <at> zamazal.org>

Date: Sat, 25 Jul 2015 19:29:01 UTC

Severity: important

Tags: security

Merged with 20078

Found in version 24.5

Fixed in version 25.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Milan Zamazal <pdm <at> zamazal.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.5; Default value of imap-ssl-program
Date: Sat, 25 Jul 2015 21:28:32 +0200

The default value of imap-ssl-program is

  '("openssl s_client -quiet -ssl3 -connect %s:%p"
    "openssl s_client -quiet -ssl2 -connect %s:%p"
    "s_client -quiet -ssl3 -connect %s:%p"
    "s_client -quiet -ssl2 -connect %s:%p")

This doesn't work when SSL is disabled and only TLS is available on the
IMAP server, e.g. in current Debian.  Moreover, default IMAP setting
shouldn't enforce usage of deprecated protocols.

imap-ssl-program default value should be updated (maybe just omitting
the -ssl3 and -ssl2 options would be a good idea, but I'm not an
expert).

This bug report was last modified 9 years and 152 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #21134 24.5; Default value of imap-ssl-program

GNU bug report logs - #21134
24.5; Default value of imap-ssl-program