tag 797844 + patch thanks Hi, I recently ran into this bug when my mail server switched to TLS 1.2 only. I backported the upstream changes to the Debian stretch packages and are running them now without problems. The patches are are attached to this mail. Affect source packages are kimap, libkf5ksieve and kde4libs. As the patches are fairly trivial can this be applied to Debian stable? If I remember correctly severity important classifies for fixing in stable. Pleas let me know if you have any questions. Thank you for maintaining KDE packages in Debian!
--- a/kio/kio/tcpslavebase.cpp
+++ b/kio/kio/tcpslavebase.cpp
@@ -499,7 +499,7 @@
{
if (d->usingSSL)
return false;
- return d->startTLSInternal(KTcpSocket::TlsV1) & ResultOk;
+ return d->startTLSInternal(KTcpSocket::SecureProtocols) & ResultOk;
}
TCPSlaveBase::SslResult TCPSlaveBase::TcpSlaveBasePrivate::startTLSInternal (KTcpSocket::SslVersion version,
--- a/src/loginjob.cpp
+++ b/src/loginjob.cpp
@@ -383,7 +383,7 @@
switch (d->authState) {
case LoginJobPrivate::StartTls:
- d->sessionInternal()->startSsl(KTcpSocket::TlsV1);
+ d->sessionInternal()->startSsl(KTcpSocket::SecureProtocols);
break;
case LoginJobPrivate::Capability:
--- a/src/kmanagesieve/sessionthread.cpp
+++ b/src/kmanagesieve/sessionthread.cpp
@@ -453,7 +453,7 @@
m_sslCheck->setInterval(60 * 1000);
connect(m_sslCheck, &QTimer::timeout, this, &SessionThread::slotSslTimeout);
}
- m_socket->setAdvertisedSslVersion(KTcpSocket::TlsV1);
+ m_socket->setAdvertisedSslVersion(KTcpSocket::SecureProtocols);
m_socket->ignoreSslErrors();
connect(m_socket, &KTcpSocket::encrypted, this, &SessionThread::slotEncryptedDone);
m_sslCheck->start();
Attachment:
signature.asc
Description: This is a digitally signed message part.