SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)
Dear Readers of Debian-Security,
While connected via an insecure VPN, I had once more left my
email client (Thunderbird) open by accident. Though access to
imap.gmail.com shall be secured by SSL/TLS, my Gmail password was
malversated within a few seconds; i.e. I got a login attempt from
Hong Kong and had to change the password after disconnecting.
Is there anyone here who can explain the insecurity of SSL/TLS in its
current state? Does Thunderbird support certificate pinning? Or do you
think that there are still errors in the implementation of the protocol?
What about libressl for Linux?
Yours,
Elmar