On Sun, Jan 21, 2024 at 12:05:45PM +0000, Michael wrote
> 
> Anyway, to take you forward you can:
> 
> 1. Keyword the latest gnutls package in case the gnutls verification criteria 
> have been loosened.
> 
> 2. Copy the Root CA into the users ~/ and point muttrc to it:
> 
> set certificate_file = "~/.mutt/certificates"
> 
> 3. If everything else fails, having verified yourself the server's
> Root CA and child certificates are all legit you can set:
> 
> unset ssl_verify_host
> 
> Obviously this would not be satisfactory from a security perspective.

  Nothing above works, and I wonder if it's something at my end.  I keep
getting the same message...

> gnutls_handshake: A packet with illegal or unsupported version was received.

  The current net-libs/gnutls-3.8.0 ebuild (and 3.8.1 and 3.8.2) has
sslv2 and sslv3 enabled in IUSE  ...but...  "emerge -pv gnutls" shows
them hard-masked.  Is my system forcing sslv1 and the server rejecting me???

[ebuild   R    ] net-libs/gnutls-3.8.0:0/30.30::gentoo  USE="cxx idn nls openssl seccomp tls-heartbeat tools zlib -brotli -dane -doc -examples -pkcs11 (-sslv2) (-sslv3) -static-libs -test (-test-full) -verify-sig -zstd" 0 KiB

  Do you get the same?  Do I have to set something in...

make menuconfig
-*- Cryptographic API  --->

  "emerge -pv mutt"

[ebuild   R    ] mail-client/mutt-2.2.12::gentoo  USE="debug gnutls gpgme hcache imap lmdb mbox nls pop sasl smtp ssl -autocrypt -berkdb -doc -gdbm -gsasl -idn -kerberos -pgp-classic (-prefix) -qdbm (-selinux) -slang -smime-classic -tokyocabinet -vanilla" 0 KiB

  I copied certificates from x.txt to .mutt/certificates (see
attachment).  Is this correct?  And how do I securely pass credentials?

-- 
Roses are red
Roses are blue
Depending on their velocity
Relative to you