But that's not something I would like to use, as it defeats the purpose of using SSL in the first place. So I'm still wondering if something changed in 1.17.0-1318 regarding SSL or user-installed certificates.
Well (1) - the app has a feature (in settings / network) to track certificate changes if you're worried about MITM.
Well (2) - using a certificate that is trusted by the OS (without having to rely on installing "user" CA certs) would seem like a good idea in any case.
Well (3) - we did tweak ciphers to stop the app from sending "TLS_FALLBACK_SCSV" which was a bug and prevented connecting to TLS 1.3 capable servers - when "SSL hardening" setting was enabled:
https://www.aqua-mail.com/forum/index.php?topic=6824.msg41369#msg41369
In terms of *certificate* trust - nothing's changed to my knowledge.
We still use these three lines of code to create sockets (as ever before):
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(km, null, null);
return sslContext.getSocketFactory();
Can you try turning off app settings -> network -> SSL hardening? To see if it would make "SSL strict" work again?
When SSL hardening is OFF - we enable some additional ciphers for compatibility but overall "mess with" SSL stuff much less.
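
Added example (not part of the original post and not Aqua Mail's code): per the JSSE documentation, passing null as the second argument of SSLContext.init() makes the platform pick its default trust managers, so certificate trust is decided by the OS/runtime trust store rather than by the app. The sketch below builds that default trust manager explicitly and checks whether a given CA is among the accepted issuers; the class name, method names and the sample subject "CN=Example Private CA" are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DefaultTrustCheck {
    // The trust manager JSSE falls back to when init() receives null trust managers.
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null keystore = platform default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Same trust decisions as init(km, null, null), with the default spelled out.
    // Key managers are null here because this sketch uses no client certificate.
    static SSLSocketFactory explicitFactory() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { defaultTrustManager() }, null);
        return ctx.getSocketFactory();
    }

    // True if any default trust anchor's subject DN contains the given text.
    static boolean isTrustedAnchor(String subjectPart) throws Exception {
        for (X509Certificate ca : defaultTrustManager().getAcceptedIssuers()) {
            if (ca.getSubjectX500Principal().getName().contains(subjectPart)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value; pass the subject of your own CA as args[0].
        String subject = args.length > 0 ? args[0] : "CN=Example Private CA";
        int count = defaultTrustManager().getAcceptedIssuers().length;
        System.out.println("default trust anchors: " + count);
        System.out.println(subject + " trusted by default: " + isTrustedAnchor(subject));
        System.out.println("factory built: " + (explicitFactory() != null));
    }
}
```

If the CA that signed the mail server's certificate is not reported as a default trust anchor, strict validation through a socket factory created this way will reject the server regardless of cipher settings.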