[Top] [All Lists]

Re: [nmh-workers] fetchmail and SNI (and pop.gmail.com)

2019-06-27 11:40:44
It seems that fetchmail doesn't enable SNI for it's TLS connection

Try adding `--sslproto TLS1' to fetchmail's arguments.

I guess the core issue is that for Google servers when using TLS 1.2 SNI
isn't required, but for TLS 1.3 it is; well, let me rephrase that.  If
you negotiate TLS 1.3 you get the bogus certificate if you don't send a
SNI.  But it seems like the 'right' solution is we should be sending a
SNI to avoid this problem?



<Prev in Thread] Current Thread [Next in Thread>