On Sun, Sep 23, 2018 at 7:57 AM, Michael Schwendt <mschwendt@xxxxxxxxx>
wrote:
That an update for SNI may be required is clear, but it doesn't answer
the question where a change will be needed.
The Claws Mail developers will have to investigate. The right place
will be close to all the other uses of GnuTLS, though, after creating
the gnutls_session_t, before connecting to the server.
On Sun, Sep 23, 2018 at 7:57 AM, Michael Schwendt <mschwendt@xxxxxxxxx>
wrote:
No, it isn't, because fetchmail doesn't use gnutls. Claws Mail does,
and additionally it is based on libetpan, which uses gnutls
internally, too.
There's really nothing more to say about the problem than what's
explained there. If you want to connect to Google with TLS 1.3 you're
going to have to use SNI, because Google has decided to require it.
It's unfortunate that this artificially introduces an incompatibility
for applications that are turning on TLS 1.3 when so much effort has
gone into ensuring the protocol is backwards-compatible and resistant
to so many ways of breaking that.
You could also just turn off TLS 1.3 with
gnutls_set_default_priority_append(). Of course, that will break in a
few years when Google starts refusing TLS 1.2 connections. Better to
use SNI.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
