On 2017-08-08 12:44:09 [+0200], Wolfgang Walter wrote:
> Package: libssl1.1
> Version: 1.1.0f-4
> Severity: important
> After upgrading a server to libssl1.1 1.1.0f-4 kmail on debian/stable could
> not connect to dovecot on debian/unstable any more (kmail on debian/unstable
> can't connect, either).
> Dovecot logs "... tls_process_client_hello:version too low ..."
Is this broken with kmail only or are other clients affected, too?
> Probably this is due to "Disable TLS 1.0 and 1.1".
Yes but why? studlmu.lrz.de:993 handshakes here with TLS1.2. openssl in
previous releases supports TLS1.2. So something limited it to TLS1.0
and/or 1.1 only.
> Please reactivate it. We would like to continue our policy to continously
> test debian/unstable and debian/testing on servers in our environment.
Did you limit on kmail side the connection somewhere to TLS1.0 only? If
not, does this help (patch against kio):
diff --git a/src/core/ktcpsocket.h b/src/core/ktcpsocket.h
index 75e1f8c4489a..4ff674d8abc1 100644
@@ -163,7 +163,7 @@ class KIOCORE_EXPORT KTcpSocket: public QIODevice
TlsV1_0 = TlsV1,
TlsV1_1 = 0x40,
TlsV1_2 = 0x80,
- AnySslVersion = SslV2 | SslV3 | TlsV1
+ AnySslVersion = SslV2 | SslV3 | TlsV1 | TlsV1_1 | TlsV1_2
I Cc qt/kdepim/kio folks in case they have a clue who is limmiting this.