AquaMail Forum
English - Android => Development builds => Topic started by: Kostya Vasilyev on September 12, 2017, 09:32:05 pm
-
https://www.aqua-mail.com/download/AquaMail-market-1.12.0-608-dev-6ae5c8bdd97e.apk
---
+ Better error message for "SSL cert CN mismatch".
---
+ Более лучшее сообщение об ошибке при "Неправильном имени в SSL сертификате".
-
Link does not work.
(Enjoy vacation, btw)
-
It does right now (I copied the file maybe a minute or two after posting).
-
https://www.aqua-mail.com/download/AquaMail-market-1.12.0-608-dev-6ae5c8bdd97e.apk
---
+ Better error message for "SSL cert CN mismatch".
---
+ Более лучшее сообщение об ошибке при "Неправильном имени в SSL сертификате".
url name / SSL mismatch error, since this Aquamail version.
-
url name / SSL mismatch error, since this Aquamail version.
That's by design.
If you have a mismatch, Aquamail must warn you. It helps preventing man-in-the-middle (MITM) attacks.
-
url name / SSL mismatch error, since this Aquamail version.
That's by design.
If you have a mismatch, Aquamail must warn you. It helps preventing man-in-the-middle (MITM) attacks.
I know my hostname does not match. So far Aquamail has also mentioned but not blocked.
-
Well, that has been recently discussed that that behavior was a security problem.
So, you have two choices:
1. (manually) configure the server name in the account setting to match one of the names on the certificate (Long press on account name -> Account setup -> "Manual" ),
or
2. you can choose not to use "strict" (under TLS/SSL and/or STARTSSL) - rather "accept any".
There will be some further improvement to this functionality.
And a word of personal advice: if you are using "accept any" (which is in general dangerous, as you are never sure you are sending your login and password to the correct server, and it is not intercepted), I'd recommend to enable the option "SSL certificate change detection" (Under Settings -> Network).