Posts Tagged ‘ssl’

Update: Make Gmail Use SSL Permanently

August 27, 2008

Further to the previous post regarding how to set up Gmail to force SSL throughout the email session, I noticed that I was having sporadic problems using the Gmail App on my mobile phone (the Gmail App is highly recommended, by the way).

It turns out that this is a known problem with the Gmail for Mobile application, but the fix is simple.

Go into the Gmail for Mobile App settings (on my phone it was in Menu > Go to > Settings), and uncheck the box that says “Always keep me signed in”.

Then make sure you select the option that says “Always use secure network connections (slower performance)” by enabling the check box beside that option.

Select “Save”, then Menu > Exit Gmail.

Now you can restart the Gmail App, sign in using your username and password, and re-select the option in the menu to keep you logged in (Menu > Go to > Settings, and then put a check mark in the box that says “Always keep me signed in”).

Since I made these changes I haven’t had any problems, and I haven’t noticed that the connection is any slower over my EDGE connection than it was before.

Turn on permanent SSL for Gmail

August 20, 2008

Mike Perry of San Francisco has developed a tool to break into Gmail accounts that are not using an SSL connection. He presented details of his creation at Defcon 16, and is planning to release the tool over the next two weeks.

Part of the problem arises because when you go to the Gmail login page, the system logs you in using SSL, but then reverts to an unencrypted connection to transfer the rest of the data to you.
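The pattern described above (login over SSL, then the rest of the session unencrypted) can be spotted in a proxy or browser request log. The following is an added example, not part of the original post; the log format, host names, session ids and the `/login` path are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample log: (session id, method, URL) in request order.
# Hosts, paths and session ids are made up for illustration.
SAMPLE_LOG = [
    ("s1", "POST", "https://mail.example.test/login"),
    ("s1", "GET",  "http://mail.example.test/inbox"),
    ("s1", "GET",  "http://mail.example.test/message?id=1"),
    ("s2", "POST", "https://mail.example.test/login"),
    ("s2", "GET",  "https://mail.example.test/inbox"),
    ("s3", "GET",  "http://mail.example.test/"),            # plain HTTP before any login
    ("s3", "POST", "https://mail.example.test/login"),
    ("s3", "GET",  "https://mail.example.test/inbox"),
    ("s4", "POST", "https://mail.example.test/login"),
    ("s4", "GET",  "http://static.example.test/logo.png"),  # different host
]

LOGIN_PATH = "/login"  # assumed login endpoint for the sample data


def find_downgrades(log, login_path=LOGIN_PATH):
    """Map each session id to the first plain-HTTP URL it requested from
    the host it had already logged in to over HTTPS."""
    login_host = {}   # session id -> host it authenticated to over HTTPS
    downgraded = {}   # session id -> first unencrypted URL after login
    for session, method, url in log:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "https" and method == "POST" and parts.path == login_path:
            login_host[session] = host
            continue
        if (parts.scheme == "http"
                and login_host.get(session) == host
                and session not in downgraded):
            downgraded[session] = url
    return downgraded


if __name__ == "__main__":
    for session, url in find_downgrades(SAMPLE_LOG).items():
        print(f"{session}: HTTPS login followed by unencrypted request {url}")
```

A session that stays on https after login, such as `s2` here, is what the “Always use https” setting is meant to produce.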

To change the settings in Gmail permanently:

1. Log into your account using https://mail.google.com.
2. Click on “Settings” in the top right-hand corner of the page.
3. Scroll down to the bottom of the page and find the “Browser Connection” option.
4. Select the option “Always use https”.
5. Click “Save Changes”.

Google also notes that it is important to end each of your Gmail sessions by clicking Sign out at the top of any Gmail page and to close all Gmail browser windows.

There is currently no free fix for users who use Gmail with their own domain.

Mike Perry writes more about why Google’s “fix” is not adequate given the threat.

Update August 27, 2008: Also read about how this affects the “Gmail for Mobile” application here.

