Re: Whats chances of getting libTLSv1.3 for stretch
On Wed, Jul 08, 2020 at 05:12:20AM -0400, Gene Heskett wrote:
> As a 2 decade user of fetchmail/procmail combo, I just updated to stretch
> backports, but did not get a TLSv1.3, so when I configure the newest
> fetchmail, I don't get ssl3 support.
Er... what? This question doesn't make any sense. I can't figure
out whether you're asking for a *newer* library or an *older* library
than what you have right now.
TLS 1.3 is very new, and is not assumed to be present by most
applications.
SSL 3 is extremely old, and has well-known exploited holes. My
first Google hit for SSL 3 is a refernce to the POODLE exploit from
2014. <https://blog.qualys.com/ssllabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack>
Are you *really* trying to use SSL 3, because that's what you configured
the other end to use, "2 decades" ago? If so, it is time to stop
doing that. Upgrade *both* ends to use currently supported, non-vulnerable
TLS protocols. At this point, TLS 1.2 is your most likely target.
Reply to: