Moving from mutt 1.5 to 1.13.2

Kevin J. McCarthy kevin at 8t8.us
Thu Jun 3 16:29:18 UTC 2021


On Thu, Jun 03, 2021 at 11:42:25AM -0400, Andrew D. Arenson wrote:
>Update:
>
>Setting both of the following solves the first problem: "Encrypted connection unavailable"
>
>set ssl_starttls=no
>set ssl_force_tls=no

1.13.0 changed $ssl_force_tls to default set.  This was backed out in 
1.13.4.  However, I re-enabled it to default set in the 2.0.0 release. 

Unencrypted connections will need to turn $ssl_force_tls off.

>I'm guessing this is related to 
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963107, but I don't 
>know exactly how. Perhaps my use case of connecting to davmail is 
>unusual, or maybe I'm doing something insecure with davmail that I'm 
>unaware of. Thoughts about that are appreciated.

That bug report from a CVE fixed in 1.14.3.  The fix was backported but 
then a regression was discovered and fixed in 1.14.5.  I believe Debian 
did backport the regression fix too.

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20210603/e0cdaa39/attachment-0001.asc>


More information about the Mutt-users mailing list