The sylpheed mailer uses SSLv23_client_method to establish the imap/smtp
connections. My mailserver seems to understand only SSLv3. If I connect
manually using the commandline client, sslv2 fails while sslv3 seems to
work.
The sslv2 output is as follows:
$ openssl s_client -ssl2 -connect mailbox.rwth-aachen.de:993
CONNECTED(00000003)
139651264628368:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake
failure:s2_pkt.c:429:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 48 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1389010802
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
If I use -ssl3, the connection is established correctly. Sylpheed
however, which uses SSL_CTX_new(SSLv23_client_method()) fails with
SSL_connect() failed with error 1, ret = -1 (error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)
I would like to tell openssl to enforce sslv3 only for that host as a
temporary workaround, is it possible to globally configure openssl in
that way or would I have to patch sylpheed until the issue is resolved?
Best regards
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
