Esumsoft Forums

Hi

OpenSSL 0.9.8j released.

All Versions prior OpenSSL 0.9.8j have a major vulnerability: here

Can you update Pop Peeper to support OpenSSL 0.9.8j ?

Regards

Usually, these security bulletins are for servers running OpenSsl, but in this case, it is a recommended update for clients.

So what I've done is made a test zip that has the latest build and can be downloaded here .

This will appear as version 0.9.8.10 in POP Peeper's Help/About window, to make sure you are using the correct version.

I'm already running it and it doesn't appear to have any problems. If you use it, please let me know so that I have an idea of how many people are using it (and assuming successfully) before I make it officially available.

POP Peeper says I have no SSL plugin when I try these files. It also can't use the default Win32 files (the ones Wikipedia links to). I've always upgraded without saying it here and it never happened before.

However, I found a version that has "tlsext enabled" and it did work. What's up with that?

I can't send and receive Mails with OpenSSL 0.9.8.10

POP Error-Message:
SSL connection failed (Is SSL Plugin loaded?)

SMTP Error-Message:
SMTP: Could not connect to server

If you had read my post, you would have known how to solve it.

lwc wrote:If you had read my post, you would have known how to solve it.

I had read your Post, but i want to let Jeff know, that his Files are not working.

However, I found the Files with "tlsext enabled". No Problems with these Files .

Thanks lwc for your Help.

Regards

I didn't supply that link myself because Jeff says he has legal reasons not to include certain Encryption Algorithms.

OK, I removed the Link. Maybe Jeff find a Solution to get the official Files work with Pop Peeper.

hmmm... it works for all my accounts (2 different servers). I also tested with gmail and it works. Do either of you have a gmail account (or another free server that I can test with) to compare? And are your affected accounts set to use SSL or TLS?

The affected Accounts (5 different Providers) are set to use SSL. I don't use GMail, but I have send you the Infos for a Test-Account via PM.

I use Gmail with SSL.

OK, I found the problem. The default build expects certain DLLs on the computer that most non-developers wouldn't have. I have rebuilt the DLLs to avoid this and these should work for you guys: download here.

Try these and let me know how it goes.

Now it works well.

But is it less secure than the default build because you're limited by your local law?

The issue is actually with certain algorithms that have patents. I cannot say with any authority that these algorithms are more or less secure than the others. It's possible that they're not any more secure, or it's possible that they're lower in the priority, or it's even possible that the server doesn't use them either.

Nevertheless, your plugin's page casually claims they're less secure.

Hi,
if it is still of interest.. I'm using your last version of SSL 0.9.8j with yahoo.es, gmail.com, and hotmail.com... I sent some attachments under hotmail and gmail, and I didn't have any problem (just talking about regular using, no testing at all).

bye.

(I did not figure out I should report) That is all Ok for me also , using OpenSSL 0.9.8j for Gmail-Imap since Feb 2009 .

I will be publishing this updated SSL plugin as the "official" version this weekend.

I've started to successfully use 0.9.8k (just Google OpenSSL-0.9.8k.dll.zip).