1. The specific steps or actions you took that caused you to encounter the problem.
a. Go to Gnome Online Accounts and add a Google Apps Account (in my case nyu.edu) b. After entering the email address see the following error: Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). c. Use update-crypto-policies to change setting to LEGACY and EMPTY then repeating step A d. Attempted the connection again. 2. The behavior you expected. I would have expected to be able to connect under LEGACY or EMPTY. Or, alternatively, I would have expected a different error message (since by definition LEGACY would have accepted the shorter prime and EMPTY wouldn't have needed it). 3. The behavior you actually encountered (in as much detail as possible). See that the error message still talks about "not long enough" in all 3 cases. If you check the duplicate cases you will see that as of 20.04 connections are failing because of weak crypto. The only workaround is to tell the local system to lower its standards (LEGACY or NONE) until the people running the server get their act together. But, since the error message remains constant, even when the setting has been changed, it looks like the mechanism running Online Accounts might not be referencing the setting like it should. Now, it could just as likely be a poorly worded error message. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-online-accounts in Ubuntu. https://bugs.launchpad.net/bugs/1872778 Title: update-crypto-policies not affecting Gnome Online Accounts Status in gnome-online-accounts package in Ubuntu: Incomplete Status in gnutls28 package in Ubuntu: Confirmed Bug description: -crypto-policies 20190816git-1 -gnome-online-accounts 3.36.0-1ubuntu1 Changing between DEFAULT, LEGACY, and EMPTY has no affect on attempts to connect to accounts through Online Accounts. Changing to LEGACY or EMPTY should at least change the following error: Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough). Under either LEGACY or EMPTY the (not long enough) error is nonsensical. The persistence of the incorrect error message could imply that gnome-online-accounts is not respecting settings made by crypto-policies. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-online-accounts/+bug/1872778/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
