[Bug 82515] Evolution uses weak encryption for SSL/TLS
Fridtjof Busse
bugs at fbunet.de
Wed Jan 31 18:43:11 UTC 2007
Public bug reported:
Binary package hint: evolution
Evolution in feisty uses weak encryption when s(ending mail via SSL/TLS.
E.g., the server supports AES 256 bit, but Evolution uses the probably weakest encryption available:
(using SSLv3 with cipher RC4-MD5 (128/128 bits))
All other MUAs I checked use AES-256 correctly. I consider this a serious bug, as RC4-MD5 is definitly not a good idea.
Manually connecting via 'openssl s_client' to the server I used for testing shows:
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
So it definitly works.
** Affects: evolution (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
Evolution uses weak encryption for SSL/TLS
https://launchpad.net/bugs/82515
More information about the desktop-bugs
mailing list