On Mon, Dec 14, 2015 at 11:33:51AM +0100, Nicolas Sebrecht wrote: > On Sun, Dec 13, 2015 at 03:51:41PM -0700, [email protected] wrote: > > > And this wasn't necessary previously? OfflineIMAP worked before the > > upgrade and .offlineimaprc hasn't changed. > > OfflineIMAP was horrible. It was silently fallbacking to no SSL.
Sent before I finished the mail, sorry. OfflineIMAP was horrible. It was silently fallbacking to no SSL certificate validation (while still using the certificate for the encrypted SSL tunnel). IOW, any SSL certificate could be used. This is bad because it's exposed to a MITM attack. -- Nicolas Sebrecht _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
