[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)

Dear Readers of Debian-Security,

While being connected via an insecure VPN I had once more left my email client open by accident (Thunderbird). Though access to imap.gmail.com shall be secured by SSL/TLS my gmail password was malversated within a few seconds; i.e. I got a login attempt from HongKong and had to change the password after disconnecting. Is anyone here who can explain the insecurity of SSL/TLS in its current state? Does Thunderbird support certificate pinning? Or do you think that there are still errors in the implementation of the protocol? What about libressl for Linux?


Reply to: