diff options
Diffstat (limited to 'imap')
-rw-r--r-- | imap/imap.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/imap/imap.c b/imap/imap.c index 2ddc3469..60a49f1e 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -537,6 +537,19 @@ int imap_open_connection (IMAP_DATA* idata) { if (option(OPTSSLFORCETLS) || (query_quadoption (OPT_SSLSTARTTLS, + /* L10N: + Gitlab ticket #246 identified a machine-in-the-middle attack + by sending a "PREAUTH" response instead of "OK". STARTTLS + is not allowed once you are authenticated, so this would be + a clever way to prevent encryption, and talk to the MITM instead. + + This prompt is based on the quadoption $ssl_starttls. The + default is "yes" which will automatically abort unencrypted + PREAUTH. But if the user changes to ask-yes or ask-no, this + prompt will occur instead to warn them that the connection is + an unusual "PREAUTH" and is unencrypted. The warning is terse, + so translator feedback and suggestions most welcome. + */ _("Abort unencrypted PREAUTH connection?")) != MUTT_NO)) { mutt_error _("Encrypted connection unavailable"); |