[Discuss] SSL problems with imapfilter after upgrade to Debian 11
Rich Pieri
richard.pieri at gmail.com
Sun Aug 29 16:30:16 EDT 2021
On Sat, 28 Aug 2021 16:09:35 -0400
Matthew Gillen <me at mattgillen.net> wrote:
> That seems like a very odd thing to do. The server certificate is
> provided as part of the TLS handshake, every single time you connect.
> There is no point in caching it for performance reasons. Maybe they
> are trying to do a poor-man's certificate pinning, and their
> implementation is bad? That's the only thing I can think of that
> would make storing the server cert useful in any way.
Apparently so:
certificates
When this option is enabled, the server certificate can be
accepted and stored, in order to validate the authenticity
of the server in future connections. This variable takes a
boolean as a value. Default is “true”.
--
Rich Pieri
More information about the Discuss
mailing list