Hi Ken,
> I guess the core issue is that for Google servers when using TLS 1.2
> SNI isn't required, but for TLS 1.3 it is; well, let me rephrase that.
> If you negotiate TLS 1.3 you get the bogus certificate if you don't
> send a SNI. But it seems like the 'right' solution is we should be
>
Ken Hornstein wrote:
> It looks like Debian buster is the earliest version of Debian which has
> nmh 1.7.1. And it looks like that will be officially released next week.
> If you upgraded, would that be enough for you to switch away from
> fetchmail? :-) We support XOAUTH2!
I
>> And geez Mike, we talked about this a lot! Wasn't a secret!
>
>I read the man page. I wonder if my man pages are coming from debian, while
>my binaries are manually installed.
It looks like Debian buster is the earliest version of Debian which has
nmh 1.7.1. And it looks like that will
Ralph Corderoy wrote:
>> I have used:
>>
>> fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck
>> --proto POP3 --mda "rcvstore -sequence gmail +inbox"
>> --logfile /var/tmp/gmail.log pop.gmail.com
>>
>> to get my gmail downloaded for some time now.
>
Ken Hornstein wrote:
> And geez Mike, we talked about this a lot! Wasn't a secret!
I read the man page. I wonder if my man pages are coming from debian, while
my binaries are manually installed.
SNI === Server Name Indicator, which lets a server know which name
a client meant to connect
>> It seems that fetchmail doesn't enable SNI for it's TLS connection
>
>Try adding `--sslproto TLS1' to fetchmail's arguments.
I guess the core issue is that for Google servers when using TLS 1.2 SNI
isn't required, but for TLS 1.3 it is; well, let me rephrase that. If
you negotiate TLS 1.3 you
Hi Michael,
> I have used:
>
>fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck
>--proto POP3 --mda "rcvstore -sequence gmail +inbox"
>--logfile /var/tmp/gmail.log pop.gmail.com
>
> to get my gmail downloaded for some time now.
Has your OpenSSL been upgraded
>I don't think that inc has any TLS support.
You are incorrect! Supported as of 1.7 when the unified security framework
was implemented. From the NEWS file:
- Complete unification of network security support. All network protocols
(currently, POP and SMTP) have been refactored to use a
I have used:
fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck --proto POP3
--mda "rcvstore -sequence gmail +inbox" --logfile /var/tmp/gmail.log
pop.gmail.com
to get my gmail downloaded for some time now.
It seems that fetchmail doesn't enable SNI for it's TLS connection, and