Dan, Very good point.
Access by IP address didn't work before -- I just checked w/ Xenial / OpenSSL 1.0.0, and it fails with certification verification error too. IIUIC this seems reasonable - as the default certificate is the only thing the server could send to the client without SNI (which prohibited for IP addresses) to hint/tell the server which hostname it wants the certificate for, and the certificate owners would need to keep the default certificate up-to-date with all IP addresses the server could possibly serve/respond on (it seems unfeasible). So we should be good on this particular case! Thanks for catching this. -- $ lsb_release -cs xenial $ dpkg -l | grep libssl1. | awk '{ print $2 }' libssl1.0.0:amd64 $ mailutil check {imap.gmail.com:993/imap/ssl}INBOX {cb-in-f109.1e100.net/imap} username: ^C $ host imap.gmail.com | grep -m1 address gmail-imap.l.google.com has address 64.233.186.108 $ mailutil check {64.233.186.108:993/imap/ssl}INBOX Certificate failure for 64.233.186.108: Server name does not match certificate: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com Certificate failure for 64.233.186.108: Server name does not match certificate: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1834340 Title: Regression for GMail after libssl upgrade with TLSv1.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1834340/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs