Only sslv3 is used by the current claws mail...
>> The last commit in Claws Mail GIT repository might resolve your
So I believe it is fixed in a newer version.
Steps to Reproduce:
check email pop3 ssl
sslv3 negotiation failure (I disabled sslv3 for my dovecot server)
get muh emailz
(In reply to Brian Denton from comment #0)
> Steps to Reproduce:
> check email pop3 ssl
> Actual Results:
> sslv3 negotiation failure (I disabled sslv3 for my dovecot server)
I also have dovecot with disabled SSLv3 and I have no issues with claws-mail-3.10.1.
As for disabling SSLv3 entirely in claws-mail, the following commits should do it:
First patch applies only after removing the AUTHORS hunk. Second patch applies cleanly.
And the first patch might actually solve your problem. See the original message you quoted (also dated Aug 28):
3.11.0 is the first release that disables SSL v3 by default. 3.11.1 is in the tree.
@maintainers: is 3.11.1 ready for stabilization?
*** Bug 531180 has been marked as a duplicate of this bug. ***
With 3.11.1 being long enough in the tree, I would again like to ask for stabilization. Isn't it about time to finally fix this for stable branch as well?
This still is not fixed. As many servers have disabled SSLv3 now, you can't connect to any of them with the current stable version.
Added to an existing GLSA Request.
Isn't this bug obsolete?
There is only mail-client/claws-mail-3.13.2 in portage now.
Not from security perspective the GLSA still has to be released.
This issue was resolved and addressed in
GLSA 201606-11 at https://security.gentoo.org/glsa/201606-11
by GLSA coordinator Aaron Bauman (b-man).