[MlMt] Cannot decode response

Benny Kjær Nielsen mailinglist at freron.com
Thu Apr 17 09:13:17 EDT 2014

Previous message: [MlMt] Cannot decode response
Next message: [MlMt] Bundle input types other than canonical
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17 Apr 2014, at 14:41, Bram Heerink wrote:

>> The past few days/weeks I've fixed a number of minor issues and I've 
>> also made a minor change to how the SSL handshake is done. I'm 
>> therefore very interested in reports from anyone having issues with 
>> MailMate regularly taking mailboxes/accounts to the 
>> unavailable/offline state. Write me privately using “Help ▸ Send 
>> Feedback”. Make sure you are using MailMate r4186 or later.
>
> Could you elaborate on the current version of OpenSSL in Mailmate in 
> at least the test version? #heartbleed

Yes, and this goes for all versions of MailMate:

MailMate uses the OpenSSL versions included with Mac OS X. None of these 
support the heartbeat feature of OpenSSL which is where the major 
security bug (heartbleed) resides. Even if MailMate connects to a hacked 
server (for example, as part of a man in the middle attack) I don't 
believe the server could obtain information (unrelated to the handshake) 
from MailMate.

Now, Apple has actually deprecated OpenSSL a long time ago (for 
technical reasons more than security reasons I believe), but they still 
backport security fixes. They don't however support new features in 
OpenSSL such as the heartbeat feature -- which in this case turned out 
to be a good thing.

-- 
Benny

Previous message: [MlMt] Cannot decode response
Next message: [MlMt] Bundle input types other than canonical
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the mailmate mailing list