k-9, can you confirm that any version within the last 2 years (since i've used it) does not honor secure tls server cipher preferences ?
as far as i can tell the k-9 client does not respect the server cipher ordering prefs this is to my knowledge definitely the case, since any android later than 2.2 preferentially uses half-baked ciphers such as RC4-MD5 it is of utmost importance (not just for me) that k-9 over-ride the default cipher preferences of android and java which are insecure and questionable as to their implementation see for example http://op-co.de/blog/posts/android_ssl_downgrade/ for a brief overview and method to code k-9 in a more secure manner will k-9 re-code its cipher preferences and/or choose a list of its own secure defaults ? this issue is fundamentally much more important than any usability, folder location, RAM lagging, slow running feature request. -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
