Gmail Drops Support for POP3 with Self-Signed Certificates
Gmail users can't retrieve email from third-party services using self-signed SSL certificates.
For the past week, since December 11, Gmail has been unable to retrieve mail from a third-party email service after years of trouble-free retrieval. According to the mail fetch history panel, an SSL Security Error is preventing retrieval from the POP3 server, reporting that the SSL certificate has expired. Naturally, a technical support request has been placed with the third-party provider, but a new report indicates that Google is responsible for the Gmail SSL error because of a new policy.
According to Slashdot, Google's Gmail servers have been reconfigured to refuse connections to remote POP3 servers that have self-signed certificates. Gmail users trying to get email from other services may therefore be left with an unencrypted connection, or with no access to those services at all.
"As of December 2012, Gmail uses 'strict' SSL security," the company states. "This means that we'll always enforce that your other provider's remote server has a valid SSL certificate. We made this change to offer a higher level of security to better protect your information."
In other words, Google will now only accept SSL certificates from a paid provider approved by Google. The company states that Gmail users can always uncheck the "Always use a secure connection (SSL) when retrieving mail" option on the Accounts and Import tab in the Gmail settings menu, but that also means the user's password and email will not be protected while being sent over the Internet.
The other option is to notify the third-party email service of the error so they can "fix" their SSL setup. The Slashgear report suggests that public keys should be placed on Google's side in the user configuration rather than simply dumping the problem on the user and then moving on.
"If the error is not fixed, we will disable your mail fetching and stop retrieving your messages from your other account," Google said. "We do not accept self-signed certificates. For a certificate to be valid it needs to chain up to a valid CA, like one in the Mozilla CA list."
So far Google has not publicly announced the change in its SSL policy via a blog update or press release.
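A mail administrator can check ahead of time whether a POP3-over-SSL endpoint would pass this kind of strict validation. The Python sketch below is an added example, not Google's code or part of the original article; it assumes the local system trust store stands in for a CA list like Mozilla's, and the function names are illustrative.

```python
import socket
import ssl
import sys

# OpenSSL X509 verify codes for the failures the article describes.
VERIFY_REASONS = {
    10: "certificate has expired",
    18: "self-signed certificate (no CA in the chain)",
    19: "self-signed certificate in the chain (root not trusted)",
    20: "issuer not found in the local trust store",
    21: "unable to verify the first certificate (often missing intermediates)",
    62: "certificate does not match the host name",
}


def strict_context():
    """Client context that enforces both the CA chain and the host name."""
    ctx = ssl.create_default_context()  # assumption: system trust store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def explain(code):
    """Map an OpenSSL verify code to a short reason an admin can act on."""
    return VERIFY_REASONS.get(code, f"verification failed (OpenSSL code {code})")


def check_pop3s(host, port=995, timeout=10.0):
    """Return (ok, detail) for a POP3-over-SSL endpoint under strict validation."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, f"valid chain, expires {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before OSError, which is its base class.
        return False, explain(exc.verify_code)
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Usage: python check_pop3s.py mail.example.org   (hypothetical host name)
    ok, detail = check_pop3s(sys.argv[1])
    print(("PASS: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

A FAIL with a self-signed or expired reason is the condition under which the article says Gmail stops fetching mail; the remedy on the server side is a certificate that chains to a trusted CA.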
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more.