Re: Doubts about IMAP SSL authentication

info-gnus-english

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Doubts about IMAP SSL authentication

From:	Ross Patterson
Subject:	Re: Doubts about IMAP SSL authentication
Date:	Wed, 17 Sep 2008 10:58:20 -0700
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)

"chrycheng@gmail.com" <chrycheng@gmail.com> writes:

> Gnus successfully opened an SSL connection with my IMAP server (GMail)
> as evidenced by the ff. lines in *Messages*:
>
> imap: Connecting to imap.gmail.com...
> imap: Opening SSL connection with `openssl s_client -quiet -ssl3 -
> connect %s:%p'...done
>
> However, further on, I see these lines:
>
> imap: Authenticating to `imap.gmail.com' using `login'...
> imap: Plaintext authentication...
>
> Does this mean that Gnus ignored the SSL connection that was set up
> and went with a less secure plaintext login method instead?

Unless I'm misunderstanding, this is fine.  Sine the *connection* is
fully encrypted with SSL, it is safe to *authenticate* using plain text
over the *encrypted connection*.  Most SSL setups I've seen work this
way where plain text auth is used when the connection is encrypted.
Course, I'm no SSL expert.

Ross

[Prev in Thread]

Current Thread

[Next in Thread]

Doubts about IMAP SSL authentication, address@hidden, 2008/09/17
- Re: Doubts about IMAP SSL authentication, Ross Patterson <=
- Message not available
  - Re: Doubts about IMAP SSL authentication, Adam Sjøgren, 2008/09/20

Prev by Date: Doubts about IMAP SSL authentication
Next by Date: How to mark sent messages with asterisk?
Previous by thread: Doubts about IMAP SSL authentication
Next by thread: Re: Doubts about IMAP SSL authentication
Index(es):
- Date
- Thread