Moving from mutt 1.5 to 1.13.2
Andrew D. Arenson
arenson at spatzel.net
Thu Jun 3 16:41:44 UTC 2021
Thanks for the explanation, Kevin.
Andy
On Thu, Jun 03, 2021 at 09:29:18AM -0700, Kevin J. McCarthy wrote:
> On Thu, Jun 03, 2021 at 11:42:25AM -0400, Andrew D. Arenson wrote:
> >Update:
> >
> >Setting both of the following solves the first problem: "Encrypted connection unavailable"
> >
> >set ssl_starttls=no
> >set ssl_force_tls=no
>
> 1.13.0 changed $ssl_force_tls to default set. This was backed out
> in 1.13.4. However, I re-enabled it to default set in the 2.0.0
> release.
>
> Unencrypted connections will need to turn $ssl_force_tls off.
>
> >I'm guessing this is related to
> >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963107, but I
> >don't know exactly how. Perhaps my use case of connecting to
> >davmail is unusual, or maybe I'm doing something insecure with
> >davmail that I'm unaware of. Thoughts about that are appreciated.
>
> That bug report from a CVE fixed in 1.14.3. The fix was backported
> but then a regression was discovered and fixed in 1.14.5. I believe
> Debian did backport the regression fix too.
>
> --
> Kevin J. McCarthy
> GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
--
Andrew D. Arenson (he/him) H 317.964.0493
arenson (at) spatzel.net C 317.679.4669
More information about the Mutt-users
mailing list