OpenSSL

POP Peeper: Tech support, suggestions, discussion, etc.
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

OpenSSL

Post by Tiggz »

Hi

OpenSSL 0.9.8j released.

All Versions prior OpenSSL 0.9.8j have a major vulnerability: here

Can you update Pop Peeper to support OpenSSL 0.9.8j ?

Regards
Last edited by Tiggz on Wed Sep 22, 2010 12:00 am, edited 1 time in total.
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: OpenSSL 0.9.8j

Post by Jeff »

Usually, these security bulletins are for servers running OpenSsl, but in this case, it is a recommended update for clients.

So what I've done is made a test zip that has the latest build and can be downloaded here .

This will appear as version 0.9.8.10 in POP Peeper's Help/About window, to make sure you are using the correct version.

I'm already running it and it doesn't appear to have any problems. If you use it, please let me know so that I have an idea of how many people are using it (and assuming successfully) before I make it officially available.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

POP Peeper says I have no SSL plugin when I try these files. It also can't use the default Win32 files (the ones Wikipedia links to). I've always upgraded without saying it here and it never happened before.

However, I found a version that has "tlsext enabled" and it did work. What's up with that?
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

Re: OpenSSL 0.9.8j

Post by Tiggz »

I can't send and receive Mails with OpenSSL 0.9.8.10

POP Error-Message:
SSL connection failed (Is SSL Plugin loaded?)

SMTP Error-Message:
SMTP: Could not connect to server
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

If you had read my post, you would have known how to solve it.
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

Re: OpenSSL 0.9.8j

Post by Tiggz »

lwc wrote:If you had read my post, you would have known how to solve it.
I had read your Post, but i want to let Jeff know, that his Files are not working.

However, I found the Files with "tlsext enabled". No Problems with these Files :wink: .

Thanks lwc for your Help.

Regards
Last edited by Tiggz on Wed Sep 22, 2010 12:00 am, edited 2 times in total.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

I didn't supply that link myself because Jeff says he has legal reasons not to include certain Encryption Algorithms.
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

Re: OpenSSL 0.9.8j

Post by Tiggz »

OK, I removed the Link. Maybe Jeff find a Solution to get the official Files work with Pop Peeper.
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: OpenSSL 0.9.8j

Post by Jeff »

hmmm... it works for all my accounts (2 different servers). I also tested with gmail and it works. Do either of you have a gmail account (or another free server that I can test with) to compare? And are your affected accounts set to use SSL or TLS?
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

Re: OpenSSL 0.9.8j

Post by Tiggz »

The affected Accounts (5 different Providers) are set to use SSL. I don't use GMail, but I have send you the Infos for a Test-Account via PM.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

I use Gmail with SSL.
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: OpenSSL 0.9.8j

Post by Jeff »

OK, I found the problem. The default build expects certain DLLs on the computer that most non-developers wouldn't have. I have rebuilt the DLLs to avoid this and these should work for you guys: download here.

Try these and let me know how it goes.
Tiggz
Posts: 48
Joined: Tue Nov 06, 2007 3:33 am

Re: OpenSSL 0.9.8j

Post by Tiggz »

Now it works well.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

But is it less secure than the default build because you're limited by your local law?
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: OpenSSL 0.9.8j

Post by Jeff »

The issue is actually with certain algorithms that have patents. I cannot say with any authority that these algorithms are more or less secure than the others. It's possible that they're not any more secure, or it's possible that they're lower in the priority, or it's even possible that the server doesn't use them either.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL 0.9.8j

Post by lwc »

Nevertheless, your plugin's page casually claims they're less secure.
User avatar
devega
Posts: 267
Joined: Wed Mar 28, 2007 12:08 pm

Re: OpenSSL 0.9.8j

Post by devega »

Hi,
if it is still of interest.. I'm using your last version of SSL 0.9.8j with yahoo.es, gmail.com, and hotmail.com... I sent some attachments under hotmail and gmail, and I didn't have any problem (just talking about regular using, no testing at all).

bye.
User avatar
JRF
Moderator
Posts: 4078
Joined: Sun Oct 20, 2002 3:41 am

Re: OpenSSL 0.9.8j

Post by JRF »

(I did not figure out I should report) That is all Ok for me also , using OpenSSL 0.9.8j for Gmail-Imap since Feb 2009 .
• (PP + IMAP + Send)=381 Web=3808 PPT=38 SSL=1005 Voice=3 Chime=3 Skin=36 PP-Add-on-Pack=3 • XPproSP3 • Fx=1301 Opera=1162 [IE=80] • Online-Armor=5501616 • CPU=1.2GHz • RAM=2.5GB •
User avatar
Jeff
Admin / Developer
Posts: 9225
Joined: Sat Sep 08, 2001 9:46 pm

Re: OpenSSL 0.9.8j

Post by Jeff »

I will be publishing this updated SSL plugin as the "official" version this weekend.
lwc
Posts: 518
Joined: Tue Sep 27, 2005 5:46 am

Re: OpenSSL

Post by lwc »

I've started to successfully use 0.9.8k (just Google OpenSSL-0.9.8k.dll.zip).
Post Reply