[arch-general] SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)

Elmar Stellnberger estellnb at gmail.com
Sun Apr 10 16:32:38 UTC 2016

   While being connected via an insecure VPN I had once more left my 
email client open by accident (Thunderbird). Though access to 
imap.gmail.com shall be secured by SSL/TLS my gmail password was 
malversated within a few seconds; i.e. I got a login attempt from 
HongKong and had to change the password after disconnecting.
   Is anyone here who can explain the insecurity of SSL/TLS in its 
current state? Does Thunderbird support certificate pinning? Or do you 
think that there are still errors in the implementation of the protocol? 
What about libressl for Linux?

More information about the arch-general mailing list