#3571: User should be able to disable TLSv1.1 and TLSv1.2
-------------------------+--------------------------------------------------
Reporter: hncaldwell | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: mutt | Version: 1.5.21
Keywords: |
-------------------------+--------------------------------------------------
I ran into a problem where I was unable to connect to an Exchange server
over imaps with mutt after I had upgraded OpenSSL to version 1.0.1.
After examining some pcaps, I realized that after the upgrade, mutt's TLS
connection was using TLS version 1.2, which I guess resulted in the
Exchange server not being able to negotiate the connection:
{{{
...
[2012-03-28 10:46:34] 4< * OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (hq-es.FASTSOFT.COM) ready.
[2012-03-28 10:46:34] IMAP queue drained
[2012-03-28 10:46:34] Right before imap_check_capabilities call 1
[2012-03-28 10:46:36] 4> a0000 CAPABILITY^M
[2012-03-28 10:46:36] SSL error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2012-03-28 10:46:36] imap_cmd_step: Error reading server response.
...
}}}
Looking at mutt's code, I realized that there were no options that allowed
for the explicit selection of a TLS version. I think that there should be
config options available in order to turn off TLS 1.1 and 1.2.
Attached is a proposed patch to address the problem.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3571>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
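
Added example, not part of the ticket or of mutt's code: the pcap check the reporter describes can be scripted by reading the version fields of the ClientHello and ServerHello records in a captured byte stream. The names `hello_versions` and `_hello` and the `SAMPLE` bytes are constructed for illustration and are not taken from the reporter's capture.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def _name(version):
    return VERSIONS.get(version, hex(version))


def hello_versions(stream):
    """Walk the TLS records in `stream` and return a list of
    (hello type, record-layer version, hello version) tuples.

    In TLS 1.2 and earlier the ClientHello version is the highest version the
    client offers and the ServerHello version is the one the server selected.
    Only the first handshake message of each record is inspected.
    """
    found, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5 : pos + 5 + rec_len]
        if len(body) < rec_len:
            raise ValueError("truncated TLS record at offset %d" % pos)
        pos += 5 + rec_len
        if ctype == 20:
            break  # ChangeCipherSpec: later handshake records are encrypted
        # Content type 22 is handshake: 1-byte type, 3-byte length, 2-byte version.
        if ctype == 22 and len(body) >= 6 and body[0] in HELLO_TYPES:
            (hello_ver,) = struct.unpack_from("!H", body, 4)
            found.append((HELLO_TYPES[body[0]], _name(rec_ver), _name(hello_ver)))
    return found


def _hello(msg_type, rec_ver, hello_ver):
    # Constructed minimal hello: version, 32-byte random, empty session id.
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(handshake)) + handshake


# Constructed sample: a client offering TLS 1.2 and a server selecting TLS 1.0.
SAMPLE = _hello(1, 0x0301, 0x0303) + _hello(2, 0x0301, 0x0301)

if __name__ == "__main__":
    for kind, record_version, hello_version in hello_versions(SAMPLE):
        print("%-11s record=%s hello=%s" % (kind, record_version, hello_version))
```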