[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Doubts about IMAP SSL authentication
From: |
Ross Patterson |
Subject: |
Re: Doubts about IMAP SSL authentication |
Date: |
Wed, 17 Sep 2008 10:58:20 -0700 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux) |
"chrycheng@gmail.com" <chrycheng@gmail.com> writes:
> Gnus successfully opened an SSL connection with my IMAP server (GMail)
> as evidenced by the ff. lines in *Messages*:
>
> imap: Connecting to imap.gmail.com...
> imap: Opening SSL connection with `openssl s_client -quiet -ssl3 -
> connect %s:%p'...done
>
> However, further on, I see these lines:
>
> imap: Authenticating to `imap.gmail.com' using `login'...
> imap: Plaintext authentication...
>
> Does this mean that Gnus ignored the SSL connection that was set up
> and went with a less secure plaintext login method instead?
Unless I'm misunderstanding, this is fine. Sine the *connection* is
fully encrypted with SSL, it is safe to *authenticate* using plain text
over the *encrypted connection*. Most SSL setups I've seen work this
way where plain text auth is used when the connection is encrypted.
Course, I'm no SSL expert.
Ross