Moving from mutt 1.5 to 1.13.2

Andrew D. Arenson arenson at spatzel.net
Thu Jun 3 16:41:44 UTC 2021


	Thanks for the explanation, Kevin.

Andy

On Thu, Jun 03, 2021 at 09:29:18AM -0700, Kevin J. McCarthy wrote:

> On Thu, Jun 03, 2021 at 11:42:25AM -0400, Andrew D. Arenson wrote:
> >Update:
> >
> >Setting both of the following solves the first problem: "Encrypted connection unavailable"
> >
> >set ssl_starttls=no
> >set ssl_force_tls=no
> 
> 1.13.0 changed $ssl_force_tls to default set.  This was backed out
> in 1.13.4.  However, I re-enabled it to default set in the 2.0.0
> release.
> 
> Unencrypted connections will need to turn $ssl_force_tls off.
> 
> >I'm guessing this is related to
> >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963107, but I
> >don't know exactly how. Perhaps my use case of connecting to
> >davmail is unusual, or maybe I'm doing something insecure with
> >davmail that I'm unaware of. Thoughts about that are appreciated.
> 
> That bug report from a CVE fixed in 1.14.3.  The fix was backported
> but then a regression was discovered and fixed in 1.14.5.  I believe
> Debian did backport the regression fix too.
> 
> -- 
> Kevin J. McCarthy
> GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA



-- 
Andrew D. Arenson (he/him)                              H 317.964.0493
arenson (at) spatzel.net                                C 317.679.4669


More information about the Mutt-users mailing list