[Bug 82515] Re: Evolution uses weak encryption for SSL/TLS
hggdh
hggdh2 at gmail.com
Wed Jan 31 19:56:11 UTC 2007
Confirmed. Evolution does not even propose EAS as a valid ciphersuite
when connecting. The following is the output of a ssldump from a
Evolution connection to GMAIL at port 995:
3 1 0.1265 (0.1265) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL2_CK_RC4
SSL2_CK_RC2
SSL2_CK_3DES
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
SSL_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
2 2 0.2113 (0.0665) S>C Handshake
I do not know what ciphersuites are represented by 0xfeff and 0xfefe,
since they are (theoretically) reserved and private, respectively.
** Changed in: evolution (Ubuntu)
Status: Unconfirmed => Confirmed
--
Evolution uses weak encryption for SSL/TLS
https://launchpad.net/bugs/82515
More information about the desktop-bugs
mailing list