https://bugs.kde.org/show_bug.cgi?id=342567
--- Comment #8 from Teemu Torma <[email protected]> --- I verified with server log files every combination that TLSv1.2 is used with QSsl::SecureProtocols. It is a bit unfortunate that Qt4 QSsl::TlsV1 implies that it is the latest protocol, and from the code it seems that the idea is to use latest protocols. That was true ten years ago, but nowadays it has opposite effect to pinning the protocol to least acceptable one which has already shown weaknesses. I agree that SSLv3 is not ideal, but does disabling that really belong to KDE? I would think that it should be done on lower levels or server side. Since imap/ssl talks already TLSv1.2 because it speaks any protocol, we could change just smtp/ssl to get TLSv1.2 functionality, and leave starttls variants to as they are. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list [email protected] https://mail.kde.org/mailman/listinfo/kdepim-bugs
