@Fridtjorf: I agree, this is, probably, a security concern. But there are some mitigations: RC4-128 is not that weak at all, and there are other safeguards that can be deployed -- like encrypting the e-mail before sending. What I am trying to say is this is not a critical issue, and there is really no need to go fast here.
On the patch I proposed: it only deals with an e-d-s compiled against libnss3, and does not address openSSL at all. So it is certainly not complete. Also, as I stated earlier, I would rather have upstream look at it, since I may very well have done something wrong (this is my first patch against e-d-s, ever). -- Evolution uses weak encryption for SSL/TLS https://launchpad.net/bugs/82515 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
