Kontact is vulnerable by NO STARTTLS

Volker Krause vkrause at kde.org
Fri Sep 24 21:47:03 BST 2021


On Friday, 24 September 2021 19:38:49 CEST Daniel Vrátil wrote:
> On Friday, 24 September 2021 19:37:11 CEST Daniel Vrátil wrote:
> > On Friday, 24 September 2021 18:05:43 CEST Volker Krause wrote:
> > > On Friday, 10 September 2021 21:28:26 CEST Sandro Knauß wrote:
> > > > #423424 - Kmail "forces" the user to accept invalid TLS certificates
> > > 
> > > Does anyone happen to have or know of a publicly accessible SMTP and/or
> > > IMAP server with self-signed or otherwise invalid SSL certificates to
> > > test this? No account needed, this should be visible prior to logging in
> > > already. This would help a lot with fixing this, and would avoid me
> > > having to break my own mail server ;)
> > 
> > You can try mine, the certificate is expired for 4 years (if that's the
> > right kind of "invalid"), I did not yet get to switch to Let's Encrypt
> > there :-) The domain is dvratil.cz, ports are standard.
> 
> Hmm, looks like just the IMAP certificate is wrong, SMTP cert is valid. So
> if IMAP is enough, you can try that.

Actually both "work" and reproduce the problem here :)

SMTP even showed me a nice way to trigger this on my own server without 
breaking the production setup (valid certificate, but using a sub-domain not 
covered by the certificate).

Thanks!
Volker
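The two things the thread turns on, as an added example (this is not Kontact/KMail/Akonadi code, and every host name and the certificate in it are constructed for illustration): the checks a mail client must apply to a server certificate before it sends a password (validity window, subjectAltName host match, which is exactly what "a sub-domain not covered by the certificate" fails, and an issuer-equals-subject heuristic for self-signed certificates), and how to reproduce such a failure against any reachable server without an account, because STARTTLS on IMAP and SMTP happens before the login. The offline classifier works on the dict layout that Python's ssl.SSLSocket.getpeercert() returns; probe_starttls() needs network access and is only run when host arguments are given on the command line.

```python
"""Certificate checks a mail client must make before it sends a password.

Added example for this thread, not Kontact/KMail/Akonadi code.  All host
names and the certificate below are constructed for illustration.

  classify_cert()   offline checks on a certificate in the dict layout that
                    ssl.SSLSocket.getpeercert() returns: validity window,
                    subjectAltName host match, issuer == subject heuristic.
  probe_starttls()  connect to an IMAP or SMTP server, upgrade with STARTTLS
                    under a verifying context and report why OpenSSL refused
                    the certificate.  Nothing is logged in, so any reachable
                    server can be used to reproduce the client behaviour.
"""
import imaplib
import smtplib
import ssl
import time


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match of one dNSName entry against a host name.

    Exact match (case-insensitive, trailing dot ignored), or a wildcard that
    is the whole leftmost label and stands for exactly one label:
    '*.example.com' matches 'mail.example.com' but neither 'example.com' nor
    'a.b.example.com'.  Wildcards as short as '*.com' are rejected.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def classify_cert(cert: dict, hostname: str, now: float) -> list:
    """Return the reasons to refuse `cert` for `hostname` at Unix time `now`.

    An empty list means these checks pass.  Chain building and trust-store
    lookup are deliberately left to OpenSSL (see probe_starttls()).
    """
    reasons = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    # Host names are matched against subjectAltName dNSName entries only; the
    # subject commonName is ignored, as browsers do.  No SAN means no match.
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(dns_name_matches(n, hostname) for n in dns_names):
        reasons.append("hostname mismatch")
    # Heuristic only: issuer identical to subject is what a self-signed
    # server certificate looks like in getpeercert() output.
    if cert.get("issuer") == cert.get("subject"):
        reasons.append("self-signed")
    return reasons


def probe_starttls(host: str, port: int, proto: str = "imap") -> str:
    """Connect in the clear, upgrade with STARTTLS and verify the server.

    Returns "ok", or "refused: <OpenSSL verify message>" such as
    "certificate has expired" or "Hostname mismatch, certificate is not
    valid for 'smtp.example.com'".  No credentials are ever sent.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    try:
        if proto == "imap":
            conn = imaplib.IMAP4(host, port, timeout=10)
            conn.starttls(ssl_context=ctx)
            conn.logout()
        elif proto == "smtp":
            conn = smtplib.SMTP(host, port, timeout=10)
            conn.starttls(context=ctx)
            conn.quit()
        else:
            raise ValueError("proto must be 'imap' or 'smtp'")
    except ssl.SSLCertVerificationError as exc:
        return f"refused: {exc.verify_message}"
    return "ok"


# Constructed certificate in getpeercert() dict layout, modelled on the
# scenarios in the thread: it expired years ago and names only example.com
# and www.example.com, so smtp.example.com is a sub-domain it does not cover.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA"),)),
    "notBefore": "Sep 24 00:00:00 2016 GMT",
    "notAfter": "Sep 24 00:00:00 2017 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}

# Constructed self-signed variant: issuer identical to subject.
SELF_SIGNED_CERT = dict(SAMPLE_CERT, issuer=SAMPLE_CERT["subject"])


if __name__ == "__main__":
    import sys
    now = time.time()
    for host in ("www.example.com", "smtp.example.com"):
        print(host, classify_cert(SAMPLE_CERT, host, now) or "passes local checks")
    print("self-signed variant:", classify_cert(SELF_SIGNED_CERT, "example.com", now))
    if len(sys.argv) == 4:  # e.g. python check.py imap.example.net 143 imap
        print(probe_starttls(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Against a live server the interesting part is that probe_starttls() reports the verify failure before any LOGIN or AUTH command, so a certificate problem on a server you do not own is visible without an account, and a correct client has to stop there rather than prompt the user to accept the certificate and continue.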