[Virtualacorn-list] Multiple recipients
Steffen Huber
steffen at huber-net.de
Wed Aug 1 13:14:48 BST 2018
> lists via Virtualacorn-list <virtualacorn-list at riscository.co.uk> wrote:
>
> In article <1840513606.181910.1533048584132 at communicator.strato.de>,
> Steffen Huber via Virtualacorn-list
> <virtualacorn-list at riscository.co.uk> wrote:
> > one single problem: Messenger Pro's insecureness.
>
> If you know of insecurities in MP Pro perhaps you should report them to
> Andrew Rawnsley so that there is a chance of them being fixed.
The mail transport relies on the SecureSockets module, which is
based on a very old version of OpenSSL of perhaps 2006 vintage.
Apart from the many security problems found since then, it is
also a problem that modern encryption standards are not supported.
IIRC, it is TLS 1.0 only. You shouldn't even use TLS 1.1 anymore.
That many mail servers still support TLS 1.0 is sheer luck.
Andrew knows this. He has repeatedly asked if someone could
"upgrade" the SecureSockets module, but nobody volunteered.
I don't know why it must be done via module, there are several
C libraries available that could be embedded into the application
code. GnuTLS, mbedTLS...
There is 3rd party software for secure POP3 and SMTP transport
based on a comparatively new version (2016 IIRC) of GnuTLS, but
there is no solution for IMAP.
Steffen
--
Steffen Huber LambdaComm System – Welcome to Trollinger Country
steffen at huber-net.de
Private homepage http://www.huber-net.de/
RISC OS Blog http://riscosblog.huber-net.de/
More information about the Virtualacorn-list
mailing list