L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 6:19 PM UTC

L. David Baron @dbaron@w3c.social

L. David Baron @dbaron@w3c.social @davidbaron

11 Jun 2019

Anybody else seeing imap.gmail.com using a cert with CommonName invalid2.invalid? (Does anyone else use imap.gmail.com these days?)

L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 6:49 PM UTC

L. David Baron @dbaron@w3c.social @davidbaron

11 Jun 2019

OK, the underlying problem seems to be that something changed today (probably an upgrade I picked up with Ubuntu updates) that triggered mta.openssl.org/pipermail/op… , and forcing TLS 1.2 fixes things, since imap.gmail.com now requires SNI for TLS 1.3.

L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 9:16 PM UTC

L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 9:16 PM UTC

L. David Baron @dbaron@w3c.social @davidbaron

11 Jun 2019

Replying to @asutherland

Yeah, what I don't know is whether today's system updates (probably the openssl or libssl one) (a) broke fetchmail sending of SNI or (b) made fetchmail start using TLS 1.3

Jun 11, 2019 · 9:16 PM UTC

L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 9:18 PM UTC

L. David Baron @dbaron@w3c.social @davidbaron

11 Jun 2019

Replying to @davidbaron @asutherland

Though given that the update was from 1.1.0g to 1.1.1, it's probably that it made fetchmail start using TLS1.3... and I guess I don't have the version of fetchmail that sends SNI properly. (There were some fedora bugs on this from last year...)

L. David Baron @dbaron@w3c.social · Jun 11, 2019 · 9:22 PM UTC

L. David Baron @dbaron@w3c.social @davidbaron

11 Jun 2019

Anyway, commented: bugs.launchpad.net/ubuntu/+s…