I would expect it to be resolved by upgrading the software on your mail server, yes.
-Philip On April 14, 2016 7:19:51 PM GMT+01:00, Joakim Hirsch <[email protected]> wrote: >Thank you Philip, > >As you may have guessed I don't know an awful lot about these things. >Your answer helped me tremendously though. I started to look into why >my >mail server doesn't support the more recent protocols. It turned out >that the NAS does, but not the mail server. Apparently they use >different certificates. So I need to replace the mail server's cert >(it's the default one that came with the installation) with something >that will enable TLS1.1 and 1.2. If I'm totally off here, please tell >me. Otherwise I thank you for your help. > >Best regards, >Joa > >Den 2016-04-14 kl. 09:08, skrev Philip Whitehouse: >> Android 6.0 uses BoringSSL which enforces a minimum default >DiffieHelman length (BAD_DH_P_LENGTH) to mitigate the LogJam attack. >> >> I would guess that Gmail disables this. We probably could but we >don't. I'm not sure it's a good idea. >> >> We have existing issues open to improve the errors we give - I'll >make sure this instance is covered. >> >> I think upgrading the software your email server runs should fix this >- the servers use some default parameters I believe. >> >> If you wanted to change your setup you definitely could improve it - >e.g. SSLv3 is broken and all clients should refuse to use it. >> >> >> On April 14, 2016 7:36:21 AM GMT+01:00, Joa H <[email protected]> >wrote: >>> Hi >>> >>> K-9 won´t connect after upgrading to Android 6.0, I get the below >>> exception. This didn't happen before. Incidentally MailWise also >does >>> not >>> work since then. I tried Gmail and that works, so I'm not sure where >>> the >>> problem lies. I've tried to find something on this problem, but >haven't >>> >>> found much. There are suggestions that it might be the server not >>> supporting necessary protocols or cipher suites, but why then does >>> Gmail >>> work? >>> >>> My IMAP server has a (since 2011 expired) self signed certificate >>> (which >>> worked fine til now). An SSL check reveals that TLS1.0 and SSLv3 are >>> supported and the following ciphers: >>> TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003) >>> TLS_RSA_WITH_RC4_128_MD5 (0x0004) >>> TLS_RSA_WITH_RC4_128_SHA (0x0005) >>> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008) >>> TLS_RSA_WITH_DES_CBC_SHA (0x0009) >>> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A) >>> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014) >>> TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015) >>> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) >>> TLS_RSA_WITH_AES_128_CBC_SHA (0x002F) >>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) >>> >>> I would be grateful for any tips. >>> >>> The exception: >>> >>> K9-Mail version: 5.010 >>> Device make: Sony >>> Device model: E6653 >>> Android version: 6.0 >>> >>> com.fsck.k9.mail.MessagingException: IO Error >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapFolder.ioExceptionHandler(ImapStore.java:2208) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:947) >>> at >>> com.fsck.k9.mail.store.ImapStore$ImapFolder.open(ImapStore.java:867) >>> at >>> >com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:1041) >>> at >>> >com.fsck.k9.controller.MessagingController.access$400(MessagingController.java:111) >>> at >>> >com.fsck.k9.controller.MessagingController$8.run(MessagingController.java:934) >>> at >>> >com.fsck.k9.controller.MessagingController.run(MessagingController.java:435) >>> at java.lang.Thread.run(Thread.java:818) >>> Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed >>> at >>> >com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:396) >>> at >>> >com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629) >>> at >>> >com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapConnection.open(ImapStore.java:2460) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapConnection.sendCommand(ImapStore.java:2872) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2921) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapConnection.executeSimpleCommand(ImapStore.java:2902) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapFolder.executeSimpleCommand(ImapStore.java:858) >>> at >>> >com.fsck.k9.mail.store.ImapStore$ImapFolder.internalOpen(ImapStore.java:904) >>> ... 6 more >>> Caused by: javax.net.ssl.SSLProtocolException: SSL handshake >aborted: >>> ssl=0x7f41039300: Failure in SSL library, usually a protocol error >>> error:100c1069:SSL >>> routines:ssl3_get_server_key_exchange:BAD_DH_P_LENGTH >>> (external/boringssl/src/ssl/s3_clnt.c:1193 0x7f73563518:0x00000000) >>> at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native >>> Method) >>> at >>> >com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) >>> ... 14 more >>> >>> >>> -- >>> -- >>> You received this message because you are subscribed to the K-9 Mail >>> Users List. >>> To post to this group, send email to [email protected] >>> To unsubscribe, email [email protected] >>> To report an issue with K-9 Mail, visit >>> http://code.google.com/p/k9mail/issues/list >>> For more options, visit this group at >>> http://groups.google.com/group/k-9-mail >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "K-9 Mail" group. >>> To unsubscribe from this group and stop receiving emails from it, >send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >> Best regards, >> >> Philip Whitehouse > >-- >-- >You received this message because you are subscribed to the K-9 Mail >Users List. >To post to this group, send email to [email protected] >To unsubscribe, email [email protected] >To report an issue with K-9 Mail, visit >http://code.google.com/p/k9mail/issues/list >For more options, visit this group at >http://groups.google.com/group/k-9-mail > >--- >You received this message because you are subscribed to the Google >Groups "K-9 Mail" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to [email protected]. >For more options, visit https://groups.google.com/d/optout. Best regards, Philip Whitehouse -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
