Thank you Philip,
As you may have guessed I don't know an awful lot about these things.
Your answer helped me tremendously though. I started to look into why my
mail server doesn't support the more recent protocols. It turned out
that the NAS does, but not the mail server. Apparently they use
different certificates. So I need to replace the mail server's cert
(it's the default one that came with the installation) with something
that will enable TLS1.1 and 1.2. If I'm totally off here, please tell
me. Otherwise I thank you for your help.
Best regards,
Joa
Den 2016-04-14 kl. 09:08, skrev Philip Whitehouse:
Android 6.0 uses BoringSSL which enforces a minimum default DiffieHelman length
(BAD_DH_P_LENGTH) to mitigate the LogJam attack.
I would guess that Gmail disables this. We probably could but we don't. I'm not
sure it's a good idea.
We have existing issues open to improve the errors we give - I'll make sure
this instance is covered.
I think upgrading the software your email server runs should fix this - the
servers use some default parameters I believe.
If you wanted to change your setup you definitely could improve it - e.g. SSLv3
is broken and all clients should refuse to use it.
On April 14, 2016 7:36:21 AM GMT+01:00, Joa H <[email protected]> wrote:
Hi
K-9 won´t connect after upgrading to Android 6.0, I get the below
exception. This didn't happen before. Incidentally MailWise also does
not
work since then. I tried Gmail and that works, so I'm not sure where
the
problem lies. I've tried to find something on this problem, but haven't
found much. There are suggestions that it might be the server not
supporting necessary protocols or cipher suites, but why then does
Gmail
work?
My IMAP server has a (since 2011 expired) self signed certificate
(which
worked fine til now). An SSL check reveals that TLS1.0 and SSLv3 are
supported and the following ciphers:
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
TLS_RSA_WITH_DES_CBC_SHA (0x0009)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
I would be grateful for any tips.
The exception:
K9-Mail version: 5.010
Device make: Sony
Device model: E6653
Android version: 6.0
com.fsck.k9.mail.MessagingException: IO Error
at
com.fsck.k9.mail.store.ImapStore$ImapFolder.ioExceptionHandler(ImapStore.java:2208)
at
com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:947)
at
com.fsck.k9.mail.store.ImapStore$ImapFolder.open(ImapStore.java:867)
at
com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:1041)
at
com.fsck.k9.controller.MessagingController.access$400(MessagingController.java:111)
at
com.fsck.k9.controller.MessagingController$8.run(MessagingController.java:934)
at
com.fsck.k9.controller.MessagingController.run(MessagingController.java:435)
at java.lang.Thread.run(Thread.java:818)
Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
at
com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396)
at
com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at
com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at
com.fsck.k9.mail.store.ImapStore$ImapConnection.open(ImapStore.java:2460)
at
com.fsck.k9.mail.store.ImapStore$ImapConnection.sendCommand(ImapStore.java:2872)
at
com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2921)
at
com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2902)
at
com.fsck.k9.mail.store.ImapStore$ImapFolder.executeSimpleCommand(ImapStore.java:858)
at
com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:904)
... 6 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted:
ssl=0x7f41039300: Failure in SSL library, usually a protocol error
error:100c1069:SSL
routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH
(external/boringssl/src/ssl/s3_clnt.c:1193 0x7f73563518:0x00000000)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native
Method)
at
com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
... 14 more
--
--
You received this message because you are subscribed to the K-9 Mail
Users List.
To post to this group, send email to [email protected]
To unsubscribe, email [email protected]
To report an issue with K-9 Mail, visit
http://code.google.com/p/k9mail/issues/list
For more options, visit this group at
http://groups.google.com/group/k-9-mail
---
You received this message because you are subscribed to the Google
Groups "K-9 Mail" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
Best regards,
Philip Whitehouse
--
--
You received this message because you are subscribed to the K-9 Mail Users List.
To post to this group, send email to [email protected]
To unsubscribe, email [email protected]
To report an issue with K-9 Mail, visit
http://code.google.com/p/k9mail/issues/list
For more options, visit this group at http://groups.google.com/group/k-9-mail
---
You received this message because you are subscribed to the Google Groups "K-9 Mail" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
