SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)
Dear Readers of Debian-Security,
While being connected via an insecure VPN I had once more left my
email client open by accident (Thunderbird). Though access to
imap.gmail.com shall be secured by SSL/TLS my gmail password was
malversated within a few seconds; i.e. I got a login attempt from
HongKong and had to change the password after disconnecting.
Is anyone here who can explain the insecurity of SSL/TLS in its
current state? Does Thunderbird support certificate pinning? Or do you
think that there are still errors in the implementation of the protocol?
What about libressl for Linux?