Bug 267253 – changing from imap to imap+ssl works only after restart

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 267253 - changing from imap to imap+ssl works only after restart


Summary:	changing from imap to imap+ssl works only after restart


Status:	VERIFIED NOTABUG

Product:	evolution
Classification:	Applications
Component:	Mailer
Version:	2.0.x (obsolete)
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2004-09-30 19:50 UTC by Christian Krause
Modified:	2009-08-15 18:40 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Christian Krause 2004-09-30 19:50:16 UTC

Please fill in this template when reporting a bug, unless you know what you
are doing.

Description of Problem:
If you change the SSL settings of an imap account from "Never" to "Always"
these settings are not used until restart of evolution. IMHO this is a
security problem, because a user thinks he has a secure connection, but his
password is transfered in plaintext. That's why I've changed the Priority
to Critical.


Steps to reproduce the problem:
1. configure an imap account, SSL: never
2. try to connect and use a wrong password (if you take care about your
passwort ;-) )
3. watch the network traffic with e.g. ethereal: protocol IMAP, password
visible
4. change in the account settings use SSL to "Always"
5. try again to connect with a wrong password ;-)
6. you'll see in ethereal your password again - no SSL is used

Actual Results:
SSL is not used although it is configured

Expected Results:
SSL should be used if configured so

How often does this happen? 
always when switching SSL from Never to Always

Additional Information:
after restarting evolution SSL is used

Comment 1 Jeffrey Stedfast 2004-09-30 20:04:42 UTC

duplicate feature request (it has worked this way forever - some
settings require a restart, others don't)

Comment 2 Christian Krause 2004-09-30 20:23:58 UTC

Hi, 

Sorry, but I don't understand why my arguments are completly ignored.

If a user configures SSL than he expect SSL. He expect that his
password is transfered encrypted.

There is not hint that this setting requires a restart.
Normally this is no so critical, but if his password is sent in
plaintext over the net this is security critical.
If you won't change the behaviour then please add a message box when
this settings is changed. "These changes requires a restart of
evolution. Until a restart you won't get a secure connection and you
password is transfered in plaintext"

So I ask you to reopen this bug. Thanks.

Comment 3 Jeffrey Stedfast 2004-09-30 20:50:48 UTC

it was closed because it's a duplicate

Comment 4 Christian Krause 2004-09-30 21:39:47 UTC

Ok, after searching bugzilla I think this is a dupe of
http://bugzilla.gnome.org/show_bug.cgi?id=207481

If this assumption is wrong, please tell me and add the correct bug
number.