it really looks like Evolution is letting the factory defaults for NSS take over -- which means that, although permitted, most of the high-end encryption suites are not enabled.
I am assuming the ubuntu release of Evolution is using libnss (at least this is what is marked). I have not looked at Evolution with OpenSSL. In camel.c @ camel_init(), Evolution sets up the use of domestic encryption via a call to NSS_SetDomesticPolicy(), but does not set up the (by default) not enabled ciphersuites, which the Mozilla documentation state as required. This would require calls to SSL_CipherPrefSetDefault() globally, or SSL_CipherPrefSet() on each socket. I cannot find any such calls in the code. So... it looks that Evolution does need a patch in order to allow high- end ciphersuites to be used. It is missing the necessary setup. c.f. http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1214758 Of course, I may be completely wrong, but I do not think so. -- Evolution uses weak encryption for SSL/TLS https://launchpad.net/bugs/82515 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
