Am 2016-04-11 um 00:00 schrieb Brandon Vincent:
TLS properly implemented is secure. The insecure VPN (as you so describe it) may have been stripping out the offer of STARTTLS by the IMAP server. This is pretty trivial to do when you control all of the data flowing through the VPN [1]. This has actually been done by some ISPs in the past [2]. Although the RFC for STARTTLS indicates that clients should fallback if TLS is not available [3], last time I checked if you have STARTTLS specified in the server settings in Thunderbird, it should not be establishing a connection if it is unable to do so over TLS. What are the server settings you are using for IMAP?
SSL/TLS (not starttls) password, normal imap.gmail.com
I do not know it for certain. At least there was no popup-error message. However there could have been a temporary error in the bottom status bar without me having read it (I was working on another virtual desktop while Thunderbird was open). Perhaps there is some log somewhere where I could have a look?Was it a successful login or an attempted login?
Did you accept any certificate warnings?
No.
[1] https://github.com/tintinweb/striptls [2] https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks [3] https://tools.ietf.org/html/rfc2595 Brandon Vincent