I updated one of my Debian testing machines earlier today, and now 
offlineimap cannot connect to at least two imap servers.
It appears to be a problem with libssl1.1 and openssl.1.0f-4 which have
*disabled* (!) TLS 1.0 and 1.1 : no possibility to switch them back on
as far as I know.

To quote part of the changelog:-

[ Kurt Roeckx ]
  * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
    version. This will likely break things, but the hope is that by
    the release of Buster everything will speak at least TLS 1.2. This will be
    reconsidered before the Buster release.

 -- Kurt Roeckx <[email protected]>  Mon, 07 Aug 2017 01:08:45 +0200

Can someone else confirm that this is a correct diagnosis? Here is a
sample crash:

 *** Processing account xxxx
 Establishing connection to imap.nexus.somewhere:993
 ERROR: Unknown SSL protocol connecting to host 'imap.nexus.somewhere' for repository 'oRemote'. OpenSSL responded:
[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:661)
 *** Finished account 'xxxx' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: Unknown SSL protocol connecting to host 'imap.nexus.somwhere' for repository 'oRemote'. OpenSSL responded:
[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:661)

Traceback:
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 273, in syncrunner
    self.__sync()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 336, in __sync
    remoterepos.getfolders()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/repository/IMAP.py", line 413, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imapserver.py", line 592, in acquireconnection
    exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imapserver.py", line 508, in acquireconnection
    af=self.af,
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 193, in __init__
    super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 2135, in __init__
    IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 357, in __init__
    self.open(host, port)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 201, in open
    super(WrappedIMAP4_SSL, self).open(host, port)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 2148, in open
    self.ssl_wrap_socket()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 522, in ssl_wrap_socket
    self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
  File "/usr/lib/python2.7/ssl.py", line 943, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()


Here is an extract from /var/log/dpkg:-
2017-08-14 16:45:48 configure libssl1.1:i386 1.1.0f-4 <none>
2017-08-14 16:45:48 status triggers-pending libc-bin:i386 2.24-12
2017-08-14 16:45:48 status unpacked libssl1.1:i386 1.1.0f-4
2017-08-14 16:45:48 status half-configured libssl1.1:i386 1.1.0f-4
2017-08-14 16:45:50 status installed libssl1.1:i386 1.1.0f-4
 ...
2017-08-14 16:45:50 configure openssl:i386 1.1.0f-4 <none>
2017-08-14 16:45:50 status unpacked openssl:i386 1.1.0f-4
2017-08-14 16:45:50 status unpacked openssl:i386 1.1.0f-4
2017-08-14 16:45:50 status half-configured openssl:i386 1.1.0f-4
2017-08-14 16:45:50 status installed openssl:i386 1.1.0f-4

-----------------------------------------------------------------------

How are we supposed to read our email when we have no control over
the imap servers? I imagine that many are configured to handle "legacy"
systems.

I also wonder how we are supposed to communicate with devices where we 
have no access to firmware which also only support older versions?

Or have I misunderstood what is happening?

ael
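
The failure reported in this message, as an added example that is not part of the original post or of OfflineIMAP's code: a client whose minimum version is TLS 1.2 receives a ServerHello that selects an older version and rejects it. The function names and the sample records are constructed for illustration, and only the pre-TLS-1.3 `server_version` field is read.

```python
import struct

# TLS protocol versions as they appear on the wire (major, minor).
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def server_hello_version(record):
    """Return the (major, minor) version the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    if content_type == 21 and length >= 2:  # alert record: level, description
        raise ValueError("server sent alert level=%d description=%d" % (body[0], body[1]))
    if content_type != 22 or len(body) < 6 or body[0] != 2:
        raise ValueError("not a ServerHello handshake record")
    # body[1:4] is the 24-bit handshake length; server_version follows it.
    return body[4], body[5]


def diagnose(record, minimum=(3, 3)):
    """Apply the client-side check: reject any version below the configured minimum."""
    chosen = server_hello_version(record)
    name = VERSIONS.get(chosen, "unknown %d.%d" % chosen)
    if chosen < minimum:
        return "UNSUPPORTED_PROTOCOL: server chose %s, client minimum is %s" % (
            name, VERSIONS[minimum])
    return "ok: negotiated %s" % name


def build_server_hello(version):
    """Constructed sample: minimal ServerHello (zero random, empty session id)."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + struct.pack("!I", len(hello))[1:] + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    # A TLS 1.0-only server answering a client that accepts nothing below TLS 1.2.
    print(diagnose(build_server_hello((3, 1))))
    # The same client talking to a server that speaks TLS 1.2.
    print(diagnose(build_server_hello((3, 3))))
```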




_______________________________________________
OfflineIMAP-project mailing list: [email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project

OfflineIMAP homepages:
- https://github.com/OfflineIMAP
- http://offlineimap.org
