[arch-general] SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)
Elmar Stellnberger
estellnb at gmail.com
Sun Apr 10 16:32:38 UTC 2016
While being connected via an insecure VPN I had once more left my
email client open by accident (Thunderbird). Though access to
imap.gmail.com shall be secured by SSL/TLS my gmail password was
malversated within a few seconds; i.e. I got a login attempt from
HongKong and had to change the password after disconnecting.
Is anyone here who can explain the insecurity of SSL/TLS in its
current state? Does Thunderbird support certificate pinning? Or do you
think that there are still errors in the implementation of the protocol?
What about libressl for Linux?
More information about the arch-general
mailing list