From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: William F Hammond Newsgroups: gmane.emacs.bugs Subject: bug#20078: imap with openssl Date: Tue, 10 Mar 2015 19:31:51 -0700 Message-ID: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=20cf301d3a12dd697e0510fa11a8 X-Trace: ger.gmane.org 1426043121 26712 80.91.229.3 (11 Mar 2015 03:05:21 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 11 Mar 2015 03:05:21 +0000 (UTC) To: 20078@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Mar 11 04:05:12 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1YVWxL-0007Fw-Qd for geb-bug-gnu-emacs@m.gmane.org; Wed, 11 Mar 2015 04:05:12 +0100 Original-Received: from localhost ([::1]:52425 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWxK-0000wv-LT for geb-bug-gnu-emacs@m.gmane.org; Tue, 10 Mar 2015 23:05:10 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56728) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWxF-0000tD-TR for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 23:05:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YVWxE-0006SK-NM for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 23:05:05 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43554) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWxE-0006S2-KA for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 23:05:04 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1YVWxE-0005p5-ED for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 23:05:04 -0400 X-Loop: help-debbugs@gnu.org Resent-From: William F Hammond Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 11 Mar 2015 03:05:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 20078 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.142604305822306 (code B ref -1); Wed, 11 Mar 2015 03:05:04 +0000 Original-Received: (at submit) by debbugs.gnu.org; 11 Mar 2015 03:04:18 +0000 Original-Received: from localhost ([127.0.0.1]:42120 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YVWwT-0005ne-KE for submit@debbugs.gnu.org; Tue, 10 Mar 2015 23:04:18 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:49344) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YVWRF-0004zQ-T5 for submit@debbugs.gnu.org; Tue, 10 Mar 2015 22:32:02 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YVWR9-0003Db-Sd for submit@debbugs.gnu.org; Tue, 10 Mar 2015 22:31:56 -0400 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:45908) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWR9-0003DV-PD for submit@debbugs.gnu.org; Tue, 10 Mar 2015 22:31:55 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51049) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWR8-0008K1-MY for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 22:31:55 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YVWR7-0003Cq-Hc for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 22:31:54 -0400 Original-Received: from mail-ie0-x233.google.com ([2607:f8b0:4001:c03::233]:34011) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YVWR7-0003CT-Cj for bug-gnu-emacs@gnu.org; Tue, 10 Mar 2015 22:31:53 -0400 Original-Received: by iecsl2 with SMTP id sl2so6627051iec.1 for ; Tue, 10 Mar 2015 19:31:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=iyOrIYqqoxRZCbAakKGkU2gFOcOUQ0rm2ZLhOkXAveM=; b=NwlcJ+pFvQOofJz1lCGepUEzKWVI3i83vUDkAkrtvXpmcORHaUySQk0UMELfB4YB0y wvEqqesZbj9YzR/9aGFHnN/CBAQjoketyP0dh2w+yVvcqTYHMJUZ7FhaOYWkoEtXDFQZ 8xTQ2xfnYAtMC84PwqCt+b4ItcOcVEPbSp23fGPz7sA0kuS3/lFLSgMD+dcSZTpGNOBO r39T4aOMjI+nc+eKBEexSvaq1/4omknHFrFC19Ktlozt0e0AVHWmwi7OKMLV3f42ZKrp dPjpIzLbcaxFpUkGH2UtZMGvxrYbAHrZK94ZEhAcRYg0W9S+4Oxuj5fNTDPcaAm6P5w6 pdPA== X-Received: by 10.42.194.77 with SMTP id dx13mr38371071icb.34.1426041111143; Tue, 10 Mar 2015 19:31:51 -0700 (PDT) Original-Received: by 10.64.159.198 with HTTP; Tue, 10 Mar 2015 19:31:51 -0700 (PDT) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Mailman-Approved-At: Tue, 10 Mar 2015 23:04:14 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:100366 Archived-At: --20cf301d3a12dd697e0510fa11a8 Content-Type: text/plain; charset=UTF-8 I've been using imap with openssl happily for about 15 years. Recently it stopped working with a very well-known mail host. A friend who is usually on top of these things tells me that there is a vulnerability named "poodle" when using the -ssl3 option of openssl s_client and one should now have at the top of the list imap-ssl-program (in imap.el) the following: "openssl s_client -quiet -tls1 -connect %s:%p" He hastens to point out that the option -tls1 does not mean that one is using tls rather than ssl -- a statement that means little to me. Meanwhile, without the latest imap.el one can patch this easily enough in .gnus by cons-ing the new string into imap-ssl-program AFTER manually loading imap. -- William F Hammond Email: gellmu@gmail.com https://www.facebook.com/william.f.hammond http://www.albany.edu/~hammond --20cf301d3a12dd697e0510fa11a8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I've been using imap with openssl happi= ly for about 15 years.

Recently it stopped working with a very= well-known mail host.=C2=A0 A friend who is usually on top of these things= tells me that there is a vulnerability named "poodle" when using= the -ssl3 option of openssl s_client and one should now have at the top of= the list
imap-ssl-program (in imap.el) the following:

=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "openssl s_client -quiet= -tls1 -connect %s:%p"

He hastens to point out that the o= ption -tls1 does not mean that one is using tls rather than ssl -- a statem= ent that means little to me.

Meanwhile, without the = latest imap.el one can patch this easily enough in .gnus by cons-ing the ne= w string into imap-ssl-program AFTER manually loading imap.
--20cf301d3a12dd697e0510fa11a8--