Howdy,
On Sun, 3 May 2020, Βασίλειος A. Ζοῦκος wrote:
To be more precise:
On the same machine with the same debian distribution, I retain two
executable versions for alpine:
1. alpine ver. 2.20
2. alpine ver. 2.22
Using the same alpine configuration (for ver 2.20, 2.22):
1. I am able to connect via TLS to imap/smtp servers and perform all the
e-mail tasks using alpine ver. 2.20
2. I can't connect via TLS to the same imap/smtp servers using alpine
2.22.
Attached are parts of the pine-debug files produced by the command:
alpine_2_XX -d 9 (XX=20,22)
Many thanks,
Thank you for including logs! The important line from the latter is as follows:
sslfailure: host=imap.otenet.gr reason=SSL negotiation failed
Unfortunately that's not a lot of detail, so it's useful to use testssl or
`openssl s_client` to check what's going on here.
From that, I got
routines:ssl_choose_client_version:unsupported
protocol:../ssl/statem/statem_lib.c:1929:
as well as testssl noting a few things that weren't favorable, such as a SHA1
cert, offering SSLv3 and TLSv1, etc. Alpine had a bunch of changes with
regards to TLS in the last release, namely for me it added SNI support, and I
wonder if it's now more strict.
This sounds like something one might want to contact upstream about, I don't
think I've noticed anything on the list regarding an issue like this, though I
could have missed it.
~Unit 193
Unit193 @ freenode
Unit193 @ OFTC