[kmail2] [Bug 342567] TLSv1.2 is not used on imap/smtp/managesieve
Teemu Torma
teemu at torma.org
Fri Jan 9 12:23:11 GMT 2015
https://bugs.kde.org/show_bug.cgi?id=342567
--- Comment #10 from Teemu Torma <teemu at torma.org> ---
I might add that disabling SSLv3 from auto negotiation has really nothing to do
with it being the only protocol available. The problem is that
man-in-the-middle can cause the auto negotiation to fail. Even if both server
and client support TLSv1.2, man-in-the-middle can signal client that protocol
is not supported, thus client tries lower protocol versions until the
connection with SSLv3 succeeds and is vulnerable to POODLE attack.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list