[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
From: |
Jens Lechtenboerger |
Subject: |
bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities |
Date: |
Tue, 11 Mar 2014 18:04:25 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
On Mo, Mar 10 2014, Glenn Morris wrote:
> Please see http://debbugs.gnu.org/13374
I wasn't aware of that, sorry.
I'm now on GNU Emacs 24.3.50.1. I can't get gnutls-verify-error to
work. So far I only tried that with NNTPS, not SMTP. If I set
gnutls-verify-error to t, the TCP connection to port 563 is closed
immediately (on the wire I see FIN/ACK immediately after the
three-way handshake; no TLS related data at all).
Afterwards, the server is shown as offline in the server buffer.
gnus-server-open-server fails as long as gnutls-verify-error is t.
imap.el is still using openssl's s_client.
tls.el is still using the switch --insecure for gnutls-cli.
Best wishes
Jens