Bug 1331702 - [PATCH] Disable sslv3 in fetchmail
Summary: [PATCH] Disable sslv3 in fetchmail
Alias: None
Product: Fedora
Classification: Fedora
Component: fetchmail
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Vitezslav Crhonek
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2016-04-29 10:21 UTC by Codarren Velvindron
Modified: 2016-05-02 12:47 UTC (History)
1 user (show)

Fixed In Version: fetchmail-6.3.26-10.fc25
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-05-02 12:47:45 UTC
Type: Bug

Attachments (Terms of Use)
Disable sslv3 (643 bytes, patch)
2016-04-29 10:21 UTC, Codarren Velvindron
no flags Details | Diff
Updated NEWS (1.09 KB, patch)
2016-04-29 10:21 UTC, Codarren Velvindron
no flags Details | Diff
fetchmail patch (385 bytes, patch)
2016-04-29 10:23 UTC, Codarren Velvindron
no flags Details | Diff
configure.ac patch (312 bytes, patch)
2016-04-29 10:24 UTC, Codarren Velvindron
no flags Details | Diff
fetchmail spec diff (694 bytes, patch)
2016-04-29 10:25 UTC, Codarren Velvindron
no flags Details | Diff

Description Codarren Velvindron 2016-04-29 10:21:19 UTC
Created attachment 1152209 [details]
Disable sslv3

Description of problem:https://www.rfc-editor.org/rfc/rfc7568.txt
According to rfc7568, sslv3 is no longer considered secure. This patch disables sslv3 if the system's openssl is compiled without it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 1 Codarren Velvindron 2016-04-29 10:21:59 UTC
Created attachment 1152210 [details]
Updated NEWS

Comment 2 Codarren Velvindron 2016-04-29 10:23:28 UTC
Created attachment 1152211 [details]
fetchmail patch

Comment 3 Codarren Velvindron 2016-04-29 10:24:10 UTC
Created attachment 1152212 [details]
configure.ac patch

Comment 4 Codarren Velvindron 2016-04-29 10:25:08 UTC
Created attachment 1152213 [details]
fetchmail spec diff

Comment 5 Vitezslav Crhonek 2016-05-02 12:47:24 UTC
Thanks, applied.

Just for clarification - it doesn't disable SSLv3 (it already was disabled, because it's disabled in openssl), but improves error message when fetchmail is forced to use SSLv3 (with "sslproto ssl3") and add "-SSL3" to "fetchmail --version" output.

All important SSL changes were already backported from upstream at the end of October 2015.

Note You need to log in before you can comment on or make changes to this bug.