when Evolution does "when-possible" mode, it sets TLS1 as the preferred
encryption type on the libnss socket, so I have no idea why it would be
using something else.
you can check the code yourself at:
evolution-data-server/camel/providers/imap/camel-imap-store.c:connect_to_server()
and
evolution-data-server/camel/providers/pop3/camel-pop3-store.c:connect_to_server()
you'll find:
    if (ssl_mode != MODE_CLEAR) {
#ifdef HAVE_SSL
        if (ssl_mode == MODE_TLS) {
            tcp_stream = camel_tcp_stream_ssl_new_raw
                (service->session, service->url->host, STARTTLS_FLAGS);
        } else {
            tcp_stream = camel_tcp_stream_ssl_new
                (service->session, service->url->host, SSL_PORT_FLAGS);
        }
#else
        camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
                              _("Could not connect to %s: %s"),
                              service->url->host, _("SSL unavailable"));
        return FALSE;
#endif /* HAVE_SSL */
    } else {
        tcp_stream = camel_tcp_stream_raw_new ();
    }
in your setup, 'mode' will be MODE_TLS and STARTTLS_FLAGS is #defined as
the following:
#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
then take a look at:
evolution-data-server/camel/camel-tcp-stream-ssl.c:enable_ssl() which
converts a normal tcp socket into an SSL-enabled socket
you'll see that ONLY the TLS1 option will be enabled and everything else
will be explicitly disabled.
so if there's a bug in evolution, I'm not seeing it (also, it works for
me).
Only ideas I have are:
1. your mozilla-nss packages are buggy
2. you compiled evolution to use the unsupported OpenSSL implementation
(which I'm surprised even compiles) instead of the mozilla-nss libs
Jeff
On Tue, 2005-05-03 at 13:13 +0200, Sheldon Hearn wrote:
> Hi folks,
>
> Anyone have a chance to look at this?
>
> Ciao,
> Sheldon.
> message/rfc822 attachment, "Forwarded message - Bug in TLS for POP3
> and IMAP"
> On Tue, 2005-05-03 at 13:13 +0200, Sheldon Hearn wrote:
> > Hi folks,
> >
> > I think I've encountered a bug in evolution-2.0.3's POP3 TLS handling.
> >
> > I've configured Evolution to use SSL "Whenever possible", so that it
> > connects to port 110 and then issues the STLS command. This works for
> > SMTP, but for POP3 or IMAP I get:
> >
> > Error while Fetching Mail.
> >
> > Failed to connect to POP server pop.clue.co.za in secure mode:
> > SSL negotiations failed.
> >
> > The courier-imapd / courier-pop3d shared log file shows this:
> >
> > pop3d: couriertls: accept: error:1408F10B:SSL
> > routines:SSL3_GET_RECORD:wrong version number
> >
> > I've seen posts on other mailing lists that suggest that this error is
> > caused by a client trying to use SSL2/SSL3 instead of TLS1 after the
> > STLS command.
> >
> > I've tested the same account using the following fetchmail
> > configuration:
> >
> > poll pop.clue.co.za protocol pop3
> > username [EMAIL PROTECTED]
> > password XXXXX
> > sslproto tls1
> > keep
> >
> > Fetchmail works. I've attached Ethereal stream dump showing the
> > difference between Evolution's conversation with the server and
> > fetchmail's conversation with the server. In each dump, data from the
> > client is indented, and everything after STLS is given as a hex dump.
> >
> > Any ideas?
> >
> > Ciao,
> > Sheldon.
> >
> > text/plain attachment (evolution.txt)
> > +OK Hello there.
> > CAPA
> > +OK Here's what I can do:
> > STLS
> > TOP
> > USER
> > LOGIN-DELAY 10
> > PIPELINING
> > UIDL
> > IMPLEMENTATION Courier Mail Server
> > _______________________________________________
> > evolution maillist - [email protected]
> > http://lists.ximian.com/mailman/listinfo/evolution
> >
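
An added example, not part of the original thread or of Evolution's code: a small C helper that classifies the first bytes a client sends after STLS, so a capture like the ones mentioned above can be checked for an SSLv2-format hello, an SSL 3.0 ClientHello or a TLS 1.0+ ClientHello. The function name, the enum and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the first bytes sent by the client after STLS/STARTTLS look like. */
enum hello_kind {
    HELLO_TRUNCATED,     /* too few bytes to decide */
    HELLO_NOT_TLS,       /* e.g. plaintext POP3 commands */
    HELLO_SSLV2_FRAMED,  /* SSLv2-format CLIENT-HELLO (2-byte header) */
    HELLO_SSL3,          /* TLS-style record, ClientHello offers SSL 3.0 */
    HELLO_TLS1_PLUS      /* TLS-style record, ClientHello offers TLS 1.0+ */
};

enum hello_kind classify_client_hello(const uint8_t *buf, size_t len)
{
    if (len < 3)
        return HELLO_TRUNCATED;
    /* SSLv2 framing: length MSB set in byte 0, message type 1 in byte 2. */
    if ((buf[0] & 0x80) && buf[2] == 0x01)
        return HELLO_SSLV2_FRAMED;
    /* SSL3/TLS record: content type 0x16 (handshake), major version 3. */
    if (buf[0] != 0x16 || buf[1] != 0x03)
        return HELLO_NOT_TLS;
    /* 5-byte record header + 4-byte handshake header + client_version. */
    if (len < 11)
        return HELLO_TRUNCATED;
    if (buf[5] != 0x01 || buf[9] != 0x03)   /* ClientHello, major 3 */
        return HELLO_NOT_TLS;
    return buf[10] == 0x00 ? HELLO_SSL3 : HELLO_TLS1_PLUS;
}

/* Constructed sample prefixes (not taken from the attached dumps). */
static const uint8_t sample_v2[]   = {0x80, 0x2e, 0x01, 0x03, 0x01, 0x00, 0x15};
static const uint8_t sample_ssl3[] = {0x16, 0x03, 0x00, 0x00, 0x2f, 0x01,
                                      0x00, 0x00, 0x2b, 0x03, 0x00};
static const uint8_t sample_tls1[] = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01,
                                      0x00, 0x00, 0x2b, 0x03, 0x01};
static const uint8_t sample_pop3[] = {'U', 'S', 'E', 'R', ' ', 'x', '\r', '\n'};

int main(void)
{
    printf("v2=%d ssl3=%d tls1=%d pop3=%d\n",
           classify_client_hello(sample_v2, sizeof sample_v2),
           classify_client_hello(sample_ssl3, sizeof sample_ssl3),
           classify_client_hello(sample_tls1, sizeof sample_tls1),
           classify_client_hello(sample_pop3, sizeof sample_pop3));
    return 0;
}
```

Feed it the first bytes of the client side of the stream that follow the server's reply to STLS.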