Package: fetchmail Version: 6.3.26-3 Severity: important
After updating libssl1.1 to version 1.1.0f-4 fetchmail refuse to connect by IMAP to a set of my mailboxes with the error: localhost fetchmail[3635]: OpenSSL reported: error:14171102:SSL routines:tls_process_server_hello:unsupported protocol localhost fetchmail[3635]: SSL connection failed. I found that the similar error (#871918) was reported to libssl1.1 package but it was closed. First of all I think that such changes in library as disabling TLS 1.0 and 1.1 must be reported in apt-listchanges I resolved this issue by adding option "sslproto 'TLS1'" in fetchmailrc. So my second point is following. Is it correct to remove the obsolete non-secure protocols without even a hint to a reasons? Is my connection now is more secure? What should I do as user of mailbox? If I send a mail to the system administrator with diagnostic like in above of this letter it will be rejected because it is my problem. Is it possible to add to the error the version of protocol from the server side with mark in case of insecurity? Thank you. Yu. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages fetchmail depends on: ii adduser 3.116 ii debianutils 4.8.2 ii libc6 2.24-12 ii libcomerr2 1.43.5-1 ii libgssapi-krb5-2 1.15.1-2 ii libk5crypto3 1.15.1-2 ii libkrb5-3 1.15.1-2 ii libssl1.1 1.1.0f-4 ii lsb-base 9.20161125 Versions of packages fetchmail recommends: ii ca-certificates 20161130+nmu1 Versions of packages fetchmail suggests: ii exim4-daemon-light [mail-transport-agent] 4.89-5 ii fetchmailconf 6.3.26-3 ii resolvconf 1.79 -- Configuration Files: /etc/default/fetchmail changed: export LC_ALL=C START_DAEMON=yes -- no debconf information