Android 6.0 uses BoringSSL which enforces a minimum default DiffieHelman length (BAD_DH_P_LENGTH) to mitigate the LogJam attack.
I would guess that Gmail disables this. We probably could but we don't. I'm not sure it's a good idea. We have existing issues open to improve the errors we give - I'll make sure this instance is covered. I think upgrading the software your email server runs should fix this - the servers use some default parameters I believe. If you wanted to change your setup you definitely could improve it - e.g. SSLv3 is broken and all clients should refuse to use it. On April 14, 2016 7:36:21 AM GMT+01:00, Joa H <[email protected]> wrote: >Hi > >K-9 won´t connect after upgrading to Android 6.0, I get the below >exception. This didn't happen before. Incidentally MailWise also does >not >work since then. I tried Gmail and that works, so I'm not sure where >the >problem lies. I've tried to find something on this problem, but haven't > >found much. There are suggestions that it might be the server not >supporting necessary protocols or cipher suites, but why then does >Gmail >work? > >My IMAP server has a (since 2011 expired) self signed certificate >(which >worked fine til now). An SSL check reveals that TLS1.0 and SSLv3 are >supported and the following ciphers: >TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003) >TLS_RSA_WITH_RC4_128_MD5 (0x0004) >TLS_RSA_WITH_RC4_128_SHA (0x0005) >TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008) >TLS_RSA_WITH_DES_CBC_SHA (0x0009) >TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A) >TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014) >TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015) >TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) >TLS_RSA_WITH_AES_128_CBC_SHA (0x002F) >TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) > >I would be grateful for any tips. > >The exception: > >K9-Mail version: 5.010 >Device make: Sony >Device model: E6653 >Android version: 6.0 > >com.fsck.k9.mail.MessagingException: IO Error > at >com.fsck.k9.mail.store.ImapStore$ImapFolder.ioExceptionHandler(ImapStore.java:2208) > at >com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:947) > at >com.fsck.k9.mail.store.ImapStore$ImapFolder.open(ImapStore.java:867) > at >com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:1041) > at >com.fsck.k9.controller.MessagingController.access$400(MessagingController.java:111) > at >com.fsck.k9.controller.MessagingController$8.run(MessagingController.java:934) > at >com.fsck.k9.controller.MessagingController.run(MessagingController.java:435) > at java.lang.Thread.run(Thread.java:818) >Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed > at >com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) > at >com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) > at >com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591) > at >com.fsck.k9.mail.store.ImapStore$ImapConnection.open(ImapStore.java:2460) > at >com.fsck.k9.mail.store.ImapStore$ImapConnection.sendCommand(ImapStore.java:2872) > at >com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2921) > at >com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2902) > at >com.fsck.k9.mail.store.ImapStore$ImapFolder.executeSimpleCommand(ImapStore.java:858) > at >com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:904) > ... 6 more >Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: >ssl=0x7f41039300: Failure in SSL library, usually a protocol error >error:100c1069:SSL >routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH >(external/boringssl/src/ssl/s3_clnt.c:1193 0x7f73563518:0x00000000) > at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native >Method) > at >com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) > ... 14 more > > >-- >-- >You received this message because you are subscribed to the K-9 Mail >Users List. >To post to this group, send email to [email protected] >To unsubscribe, email [email protected] >To report an issue with K-9 Mail, visit >http://code.google.com/p/k9mail/issues/list >For more options, visit this group at >http://groups.google.com/group/k-9-mail > >--- >You received this message because you are subscribed to the Google >Groups "K-9 Mail" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to [email protected]. >For more options, visit https://groups.google.com/d/optout. Best regards, Philip Whitehouse -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
pgpM1em61O7nr.pgp
Description: PGP signature
