Moving from mutt 1.5 to 1.13.2
Kevin J. McCarthy
kevin at 8t8.us
Thu Jun 3 16:29:18 UTC 2021
On Thu, Jun 03, 2021 at 11:42:25AM -0400, Andrew D. Arenson wrote:
>Update:
>
>Setting both of the following solves the first problem: "Encrypted connection unavailable"
>
>set ssl_starttls=no
>set ssl_force_tls=no
1.13.0 changed $ssl_force_tls to default set. This was backed out in
1.13.4. However, I re-enabled it to default set in the 2.0.0 release.
Unencrypted connections will need to turn $ssl_force_tls off.
>I'm guessing this is related to
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963107, but I don't
>know exactly how. Perhaps my use case of connecting to davmail is
>unusual, or maybe I'm doing something insecure with davmail that I'm
>unaware of. Thoughts about that are appreciated.
That bug report from a CVE fixed in 1.14.3. The fix was backported but
then a regression was discovered and fixed in 1.14.5. I believe Debian
did backport the regression fix too.
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20210603/e0cdaa39/attachment-0001.asc>
More information about the Mutt-users
mailing list