Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] SSL problems with imapfilter after upgrade to Debian 11

On Sat, 28 Aug 2021 16:09:35 -0400
Matthew Gillen <me at mattgillen.net> wrote:

> That seems like a very odd thing to do.  The server certificate is
> provided as part of the TLS handshake, every single time you connect.
> There is no point in caching it for performance reasons.  Maybe they
> are trying to do a poor-man's certificate pinning, and their
> implementation is bad?  That's the only thing I can think of that
> would make storing the server cert useful in any way.

Apparently so:

     certificates
             When this option is enabled, the server certificate can be
             accepted and stored, in order to validate the authenticity
             of the server in future connections. This variable takes a
             boolean as a value. Default is ?true?.

-- 
Rich Pieri

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org