[Kolab-devel] [issue2443] kontact aborts sieve when imapd sends capabilities after starttls
Thomas Arendsen Hein
kolab-issues at intevation.de
Fri Feb 1 18:43:39 CET 2008
New submission from Thomas Arendsen Hein <thomas at intevation.de>:
http://tools.ietf.org/html/draft-martin-managesieve-08.txt section 2.2:
After the TLS layer is established, the server MUST re-issue the
capability results, followed by an OK response. This is necessary to
protect against man-in-the-middle attacks which alter the
capabilities list prior to STARTTLS. This capability result MUST NOT
include the STARTTLS capability.
The client MUST discard cached capability information and replace it
with the new information. The server MAY advertise different
capabilities after STARTTLS.
Cyrus imapd didn't do this between 2002 and Mon Dec 10 14:47:08 2007, but it was
reintroduced in 2.3.11, see revision 1.45 in
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/timsieved/parser.c
----------
assignedto: till
messages: 13555
nosy: bernhard, bh, ludwig, osterfeld, thomas, till, vkrause
priority: critical
status: unread
title: kontact aborts sieve when imapd sends capabilities after starttls
topic: enterprise35, kde client, server
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue2443>
________________________________________________
More information about the devel
mailing list