>I think this level of checking was first introduced with OpenSSL
>1.1.1f and all applications will refuse to work if compiled with this
>or newer version (for example curl). If you don't mind sending your
>login information on a now unsecure channel, you can restore the
>previous behaviour. You need to edit /etc/ssl/openssl.cnf and set
>"CipherString = DEFAULT@SECLEVEL=2" to one instead. But then again,
>it's definitely NOT recommended for your security.

I should add that in fact it is Debian, rather than openssl, which
defaults to SECLEVEL=2. As a consequence, it is not necessary to set it
to 1: commenting the line is enough.

To avoid having this change be system-wide, one can use a local
openssl configuration file (where the CipherString line is commented
out) and call fetchmail like

    OPENSSL_CONF=~/insecure-openssl.conf fetchmail

-- 
Francesco Potortì (ricercatore)        Voice:  +39.050.621.3058
ISTI - Area della ricerca CNR          Mobile: +39.348.8283.107
via G. Moruzzi 1, I-56124 Pisa         Skype:  wnlabisti
(gate 20, 1st floor, room C71)         Web:    http://fly.isti.cnr.it
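
The per-user configuration described above, as an added example that is not part of the original messages: it derives the local file from a config without modifying the source, and reports the SECLEVEL each file sets so the relaxed copy can be audited. The function names, the temporary paths and the sample config contents are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: build a per-user OpenSSL config and audit its SECLEVEL.
# Function names and file paths are assumptions made for this illustration.

# Print the SECLEVEL from the last active (uncommented) CipherString line
# that sets one, or "unset" when no active line does.
seclevel_of() {
    level=$(sed -n 's/^[[:space:]]*CipherString[[:space:]]*=.*SECLEVEL=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${level:-unset}"
}

# Copy config $1 to $2 with every active CipherString line commented out.
# The source file is only read, so the system-wide policy stays as it is.
make_local_conf() {
    sed 's/^\([[:space:]]*CipherString[[:space:]]*=.*\)$/#\1/' "$1" > "$2"
}

# Constructed sample standing in for /etc/ssl/openssl.cnf (not a real copy).
workdir=$(mktemp -d)
system_conf="$workdir/openssl.cnf"
local_conf="$workdir/insecure-openssl.conf"
cat > "$system_conf" <<'EOF'
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=2
EOF

make_local_conf "$system_conf" "$local_conf"

echo "system config SECLEVEL: $(seclevel_of "$system_conf")"
echo "local config SECLEVEL:  $(seclevel_of "$local_conf")"
# Show exactly what differs, so the relaxed setting is reviewable.
diff "$system_conf" "$local_conf" || true
echo "scope the relaxed file to one command:"
echo "  OPENSSL_CONF=$local_conf fetchmail"
```

Running `seclevel_of` against every config file that any `OPENSSL_CONF` setting points at shows which commands run with a weaker policy than the system default.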