I see that the latest version of Thunderbird (38.0.1) still has the defaults set to ignore the error. Is this a big problem? Should I change the defaults to enforce greater security?
Here is background on the problem: https://wiki.mozilla.org/Security:Renegotiation
This flaw could allow a ‘man-in-the-middle’ (MITM) to inject data into a connection between an Internet client and an Internet server, and potentially allow an attacker to execute commands using the credentials of an authorised user, or even to collect authentication credentials of authorised users.
This security flaw has been labeled CVE-2009-3555 and is (being) described in more detail:
CVE-2009-3555
National Vulnerability Database (CVE-2009-3555).
I get the following errors in Thunderbird:
Error: imap.example.com : server does not support RFC 5746, see CVE-2009-3555