[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] OS X Mail.app Insecure TLS Usage With SMTPS?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] OS X Mail.app Insecure TLS Usage With SMTPS?
- From: Sabahattin Gucukoglu <mail@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 31 Oct 2010 04:47:43 +0000
I'm getting a bit panicky here.
I just upgraded to a CA-issued certificate. They require an intermediate CA
not in OS roots. I installed it on all my services, but my SMTP proxy only
advertises the primary (server) certificate. I noticed this when verifying
several services a short while later, but not, I suddenly realised, without
having successfully sent some mail first through that same server and proxy.
I checked Keychain access, nothing. Tried to find a way to clear any kind of
state or cache, nothing. I looked at my old certificate, and notice that I'd
never have seen this before, since I would have readily imported the CA key
when installing it.
Now, could somebody please see if Mail.app will connect to custom port n of
choice, SSL enabled, running Direct SSL, with "Password" (i.e., plain)
authentication, and not bat an eyelid when the cert is invalid because it's
unverified at the first hop? Extra points for testing various versions (I'm on
10.6.4 latest), or for seeing if completely invalidating the cert would bother
it either (at least one of my other clients doesn't even *try*, but it's not an
important one) ...
Thank you!
Cheers,
Sabahattin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/