Community Discussions and Support
Fastmail SSL changes - now Pegasus will not connect

Several years old but...

Like many fastmail users, I changed to insecuressl.messagingengine.com for POP3/IMAP/SMTP to overcome SSL issues. Pegasus 4.70 now works with mail.messagingengine.com & SSL.

Well done to the Pegasus team.

<P>Several years old but...</P> <P>Like many fastmail users, I changed to <FONT size=2>insecuressl.messagingengine.com for POP3/IMAP/SMTP to overcome SSL issues. Pegasus 4.70 now works with <FONT size=2>mail.messagingengine.com & SSL.</FONT></FONT></P> <P><FONT size=2><FONT size=2>Well done to the Pegasus team.</P></FONT></FONT>

Seems earlier this week Fastmail has changed the SSL version causing Pegasus to fail if SSL (or TLS) to connect, dropping down to nonsecure (IMAP port 143) it works.

Reading the blog:

-------------

SSL security updated
November 18, 2009 — Rob Mueller

Due to a recently discovered SSL man-in-the-middle flaw, I’ve upgraded our web, IMAP and POP proxy servers to disable SSL renegotiation.

At the same time, I’ve disabled SSLv2 protocol (it’s been deprecated 1996) and disabled all “LOW” and “EXPORT” ciphers.

In theory, there should be no user visible changes, but some very, very old email clients or browsers may experience problems. Unfortunately in those cases, people are either going to have to use non-SSL access, or upgrade their email client/browser to a newer version.

---------------

Reading the blog and forums for Fastmail I was able to find this tidbit:

Try changing the hostname to insecuressl.messagingengine.com. We've added a couple of extra IP addresses and configured that hostname with SSLv2 support.

-----------------

Hopefully the SSL issue can be addressed by David.

Using Mulberry I was able to connect to the site via the mail.messagingengine.com address via IMAP port 993. Firewall was not changed (allows Pegasus on the SSL and non SSL ports to the mail server).


If anyone else has an idea how to configure Pegasus that would be great.

Thank you


<P>Seems earlier this week Fastmail has changed the SSL version causing Pegasus to fail if SSL (or TLS) to connect, dropping down to nonsecure (IMAP port 143) it works.</P><P>Reading the blog:</P><P>-------------</P><P>SSL security updated November 18, 2009 — Rob Mueller Due to a recently discovered SSL man-in-the-middle flaw, I’ve upgraded our web, IMAP and POP proxy servers to disable SSL renegotiation. At the same time, I’ve disabled SSLv2 protocol (it’s been deprecated 1996) and disabled all “LOW” and “EXPORT” ciphers. In theory, there should be no user visible changes, but some very, very old email clients or browsers may experience problems. Unfortunately in those cases, people are either going to have to use non-SSL access, or upgrade their email client/browser to a newer version. </P><P>---------------</P><P>Reading the blog and forums for Fastmail I was able to find this tidbit:</P><P>Try changing the hostname to <STRONG>insecuressl.messagingengine.com</STRONG>. We've added a couple of extra IP addresses and configured that hostname with SSLv2 support.</P><P>-----------------</P><P>Hopefully the SSL issue can be addressed by David.</P><P>Using Mulberry I was able to connect to the site via the <STRONG>mail.messagingengine.com </STRONG>address via IMAP port 993. Firewall was not changed (allows Pegasus on the SSL and non SSL ports to the mail server).</P><P> </P><P>If anyone else has an idea how to configure Pegasus that would be great.</P><P>Thank you</P><P> </P>

> If anyone else has an idea how to configure Pegasus that would be great.

What I did was fallback to a non-SSL connection. All my mail goes through all sorts non-secure connections anyway and SSL is no big deal.

<SPAN lang=EN> <P align=left>> If anyone else has an idea how to configure Pegasus that would be great.</P></SPAN> <P>What I did was fallback to a non-SSL connection. All my mail goes through all sorts non-secure connections anyway and SSL is no big deal.</P>

[quote user="Thomas R. Stephenson"]

What I did was fallback to a non-SSL connection. All my mail goes through all sorts non-secure connections anyway and SSL is no big deal.

[/quote]

If SSL is not important, why bother with all the extra code in Pegasus Mail?

[quote user="Thomas R. Stephenson"]<span lang="EN"> </span> <p>What I did was fallback to a non-SSL connection. All my mail goes through all sorts non-secure connections anyway and SSL is no big deal.</p><p>[/quote]</p><p>If SSL is not important, why bother with all the extra code in Pegasus Mail? </p>

SSL use is definitely important, like when using an insecure network at work to read your mail or a in a country that monitors access.

the non ssl work around means other people can get your password easy if you are using an untrusted network with people sniffing.

Thanks for the  insecuressl.messagingengine.com workaround, I got that working.

hope it can be addressed soon, to bring pegasus into line with other mail clients.

For me, Pegasus not connecting to modern SSL servers would make me mover to another client.


<p>SSL use is definitely important, like when using an insecure network at work to read your mail or a in a country that monitors access. </p><p>the non ssl work around means other people can get your password easy if you are using an untrusted network with people sniffing. </p><p>Thanks for the  <strong>insecuressl.messagingengine.com</strong> workaround, I got that working.</p><p> hope it can be addressed soon, to bring pegasus into line with other mail clients.</p><p>For me, Pegasus not connecting to modern SSL servers would make me mover to another client. </p><p> </p>

If SSL is not important, why bother with all the extra code in Pegasus Mail?

 It's not that important to me when using a free email system since neither the data or the account is all that important.  The real problem with FastMail is their inability to support the standard as it was written.  GMail and Yahoo seem to be able to handle this a lot better.

Think about it though, the only thing you are protecting with a system like FastMail is the username and password, everything else is going to be passed  in the clear to the next system down the line.  ;-)

 

<blockquote><p>If SSL is not important, why bother with all the extra code in Pegasus Mail? </p></blockquote><p> It's not that important to me when using a free email system since neither the data or the account is all that important.  The real problem with FastMail is their inability to support the standard as it was written.  GMail and Yahoo seem to be able to handle this a lot better.</p><p>Think about it though, the only thing you are protecting with a system like FastMail is the username and password, everything else is going to be passed  in the clear to the next system down the line.  ;-)</p><p> </p>

> For me, Pegasus not connecting to modern SSL servers would make me
> mover to another client.

Are GMail and Yahoo modern servers?  This is a problem with Fastmail not supporting a valid secure protocol. 

The workaround the FastMail has provided does not even support STARTTLS but only direct SSL and that one have been depreciated for years.

 

<p>> For me, Pegasus not connecting to modern SSL servers would make me > mover to another client. Are GMail and Yahoo modern servers?  This is a problem with Fastmail not supporting a valid secure protocol.  </p><p>The workaround the FastMail has provided does not even support STARTTLS but only direct SSL and that one have been depreciated for years.</p><p> </p>

[quote user="Thomas R. Stephenson"]

> For me, Pegasus not connecting to modern SSL servers would make me
> mover to another client.

Are GMail and Yahoo modern servers?  This is a problem with Fastmail not supporting a valid secure protocol. 

The workaround the FastMail has provided does not even support STARTTLS but only direct SSL and that one have been depreciated for years.

 

[/quote]

Thomas, thanks for your help.  Does "depreciated" mean that the protocol's value or trust has been lowered?

[quote user="Thomas R. Stephenson"]<p>> For me, Pegasus not connecting to modern SSL servers would make me > mover to another client. Are GMail and Yahoo modern servers?  This is a problem with Fastmail not supporting a valid secure protocol.  </p><p>The workaround the FastMail has provided does not even support STARTTLS but only direct SSL and that one have been depreciated for years.</p><p> </p><p>[/quote]</p><p>Thomas, thanks for your help.  Does "depreciated" mean that the protocol's value or trust has been lowered? </p>

Thomas, thanks for your help.  Does "depreciated" mean that the protocol's value or trust has been lowered?

It means that that the server and client developers should be supporting TLS instead of SSL since the new protocol has now been considered a standard.  Does not necessarily mean that the SSL is more or less secure than TLS.

 

<blockquote>Thomas, thanks for your help.  Does "depreciated" mean that the protocol's value or trust has been lowered?</blockquote><p>It means that that the server and client developers should be supporting TLS instead of SSL since the new protocol has now been considered a standard.  Does not necessarily mean that the SSL is more or less secure than TLS.</p><p> </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft