The sylpheed mailer uses SSLv23_client_method to establish the imap/smtp connections. My mailserver seems to understand only SSLv3. If I connect manually using the commandline client, sslv2 fails while sslv3 seems to work.
The sslv2 output is as follows: $ openssl s_client -ssl2 -connect mailbox.rwth-aachen.de:993 CONNECTED(00000003) 139651264628368:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 48 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1389010802 Timeout : 300 (sec) Verify return code: 0 (ok) --- If I use -ssl3, the connection is established correctly. Sylpheed however, which uses SSL_CTX_new(SSLv23_client_method()) fails with SSL_connect() failed with error 1, ret = -1 (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) I would like to tell openssl to enforce sslv3 only for that host as a temporary workaround, is it possible to globally configure openssl in that way or would I have to patch sylpheed until the issue is resolved? Best regards ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List email@example.com Automated List Manager majord...@openssl.org