mailing list archives
OS X Mail.app Insecure TLS Usage With SMTPS?
From: Sabahattin Gucukoglu <mail () sabahattin-gucukoglu com>
Date: Sun, 31 Oct 2010 04:47:43 +0000
I'm getting a bit panicky here.
I just upgraded to a CA-issued certificate. They require an intermediate CA not in OS roots. I installed it on all my
services, but my SMTP proxy only advertises the primary (server) certificate. I noticed this when verifying several
services a short while later, but not, I suddenly realised, without having successfully sent some mail first through
that same server and proxy.
I checked Keychain access, nothing. Tried to find a way to clear any kind of state or cache, nothing. I looked at my
old certificate, and notice that I'd never have seen this before, since I would have readily imported the CA key when
Now, could somebody please see if Mail.app will connect to custom port n of choice, SSL enabled, running Direct SSL,
with "Password" (i.e., plain) authentication, and not bat an eyelid when the cert is invalid because it's unverified at
the first hop? Extra points for testing various versions (I'm on 10.6.4 latest), or for seeing if completely
invalidating the cert would bother it either (at least one of my other clients doesn't even *try*, but it's not an
important one) ...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- OS X Mail.app Insecure TLS Usage With SMTPS? Sabahattin Gucukoglu (Oct 31)