nmh-workers
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [nmh-workers] fetchmail and SNI (and pop.gmail.com)

2019-06-27 11:40:44
from [Ken Hornstein] [Permanent Link][Original] 
It seems that fetchmail doesn't enable SNI for it's TLS connection


Try adding `--sslproto TLS1' to fetchmail's arguments.


I guess the core issue is that for Google servers when using TLS 1.2 SNI
isn't required, but for TLS 1.3 it is; well, let me rephrase that.  If
you negotiate TLS 1.3 you get the bogus certificate if you don't send a
SNI.  But it seems like the 'right' solution is we should be sending a
SNI to avoid this problem?

--Ken

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [nmh-workers] burst behavior, Paul Fox
Next by Date:  Re: [nmh-workers] Making OpenSSL 1.0.2 minimum version, Ken Hornstein
Previous by Thread:  Re: [nmh-workers] fetchmail and SNI (and pop.gmail.com), Ralph Corderoy
Next by Thread:  Re: [nmh-workers] fetchmail and SNI (and pop.gmail.com), Ralph Corderoy
Indexes:  [Date] [Thread] [Top] [All Lists]