Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Wed, 2014-10-15 at 22:10 -0700, Kevin Taggart wrote: Upgraded to 3.13.5 and can now connect with iCloud. A slight word of warning: Evo releases follow the numbering convention of other Gnome projects - i.e. the odd numbered dot releases (e.g. 3.13.x) are the development versions and the even numbered ones (3.10.x, 3.12.x etc.) are the stable versions. It is generally not recommended to use the odd releases in a production environment since they will inevitably suffer from more bugs and instability. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Yes, I received a warning when I installed it, but it has been very stable. The odd thing is that I followed instructions to install 3.12, but got the latest dev build instead. -k On Oct 16, 2014, at 1:42 AM, Pete Biggs p...@biggs.org.uk wrote: On Wed, 2014-10-15 at 22:10 -0700, Kevin Taggart wrote: Upgraded to 3.13.5 and can now connect with iCloud. A slight word of warning: Evo releases follow the numbering convention of other Gnome projects - i.e. the odd numbered dot releases (e.g. 3.13.x) are the development versions and the even numbered ones (3.10.x, 3.12.x etc.) are the stable versions. It is generally not recommended to use the odd releases in a production environment since they will inevitably suffer from more bugs and instability. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Thu, 2014-10-16 at 09:34 +0100, Pete Biggs wrote: OK. I won't do any more investigation then. Any chance of backporting the fix to 3.10.x? Hi, the change between 3.10 and 3.12 as such cannot be backported, because the change was to use GIO streams for communication instead of managing own NSS-based streams. Nonetheless, the fix for errors like: Could not connect to 'server:993': Cannot communicate securely with peer: no common encryption algorithm(s). is simple for 3.10.x [1] (the same change can be used for 3.8.x and earlier 3.x versions as well). Ask your distribution to use the patch from the [1] and provide an update for you. Once again, 3.12.x is okay, the POODLE issue is for evolution-data-server ..., 3.6.x, 3.8.x, 3.10.x. Bye, Milan [1] https://bugzilla.redhat.com/show_bug.cgi?id=1153052#c5 ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Sat, 11 Oct 2014 12:20:06 -0700, Kevin Taggart wrote: I am experiencing a recent issue with Evolution and iCloud IMAP mail, in which I can no longer connect via the current settings auto-generated by Evolution when setting up my iCloud account. When I try to connect, I get the following error: Could not connect to 'imap.mail.me.com:993': Cannot communicate securely with peer: no common encryption algorithm(s). It is important to note that this is a recent problem, starting only last week. Prior to that, I was able to connect just fine using the same settings. I just started having the same problem with FastMail, IMAP, and Evolution. FastMail disabled SSLv3 because of the POODLE vulnerability[1][2]. I know that the problem is due to the disabling of SSLv3 because FastMail maintains an insecure host that still supports SSLv3, and if I reconfigure Evolution to use that host, things start working again. Could Apple also have disabled SSLv3 on iCloud? If this is the case, How do we tell Evolution to use something newer? ~ Bryan [1]http://blog.fastmail.fm/2014/10/15/ssl-3-0-disabled-due-to-security-vulnerability/ [2]https://blog.cloudflare.com/sslv3-support-disabled-by-default-due-to-vulnerability/ ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Wed, 2014-10-15 at 08:37 -0700, Bryan Mason wrote: I just started having the same problem with FastMail, IMAP, and Evolution. FastMail disabled SSLv3 because of the POODLE vulnerability[1][2]. I know that the problem is due to the disabling of SSLv3 because FastMail maintains an insecure host that still supports SSLv3, and if I reconfigure Evolution to use that host, things start working again. Evolution 3.10 makes wrong NSS flag choices when using IMAP-over-SSL on port 993 versus the STARTTLS capability on port 143. Use the latter method (STARTTLS) if it's available, or else upgrade to Evolution 3.12 which gets this stuff right. Matthew Barnes ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Upgraded to 3.13.5 and can now connect with iCloud. Thx everyone for the assistance! -k On Wed, 2014-10-15 at 12:42 -0400, Matthew Barnes wrote: On Wed, 2014-10-15 at 08:37 -0700, Bryan Mason wrote: I just started having the same problem with FastMail, IMAP, and Evolution. FastMail disabled SSLv3 because of the POODLE vulnerability[1][2]. I know that the problem is due to the disabling of SSLv3 because FastMail maintains an insecure host that still supports SSLv3, and if I reconfigure Evolution to use that host, things start working again. Evolution 3.10 makes wrong NSS flag choices when using IMAP-over-SSL on port 993 versus the STARTTLS capability on port 143. Use the latter method (STARTTLS) if it's available, or else upgrade to Evolution 3.12 which gets this stuff right. Matthew Barnes ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
I too can not get my iCloud connection working from Evolution (3.10.4 on F20). The server settings for iCloud mail are at: http://support.apple.com/kb/ht4864 I do not have any iCloud server to try this on, but as there is a difference in settings for IMAP and SMTP, then I would try to use the same connection options for both. This doesn't work always, byt maybe you can just try. That means, I would use this for receiving: Encryption Method: STARTTLS after connecting Authentication Type: Login You can try to sync more values, like the Username as well, if only this won't work (I think the use of STARTTLS instead of SSL is the main difference). I've tried STARTTLS, but with no joy. However I note that on the Apple pages it says: Server name: imap.mail.me.com SSL Required: Yes If you receive errors when using SSL, try using TLS instead. Port: 993 Username: The name part of your iCloud email address Password: Your iCloud password To me that implies that you use TLS on port 993 - whereas port 993 is supposedly for IMAPS. Indeed whenever I change the encryption method to STARTTLS, Evo automatically changes the port to 143 (port 143 is NOT open on that server). I can obviously change the port back to 993, but my question is, does Evo honour that port number? Whenever I go back to the config page, the port number has been reset to 143 if I specify STARTTLS. Please note that I am well aware that STARTTLS initiates the connection in plain text before switching to encrypted and that the SSL connection negotiates the encryption on connection. I also know there is a difference between STARTTLS and TLS, but Evo does not offer a TLS option. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Tue, 2014-10-14 at 09:37 +0100, Pete Biggs wrote: To me that implies that you use TLS on port 993 - whereas port 993 is supposedly for IMAPS. Indeed whenever I change the encryption method to STARTTLS, Evo automatically changes the port to 143 (port 143 is NOT open on that server). I can obviously change the port back to 993, but my question is, does Evo honour that port number? Whenever I go back to the config page, the port number has been reset to 143 if I specify STARTTLS. Hi, yes, evolution honors the port, but it also tries to be smart, thus if you change the authentication method (from SSL/STARTTLS/None) to any other and the port itself is one of the well known, then Evolution also switches the port to the well known for the new authentication method. Using a completely different port will not change the port on its own. If I try to create a new mail account with an address a...@me.com, and let the settings look-up finish, then the revised options conform to those on the knowledge base URL you gave, with one exception. The IMAP authentication method looks garbled. When I returned back to that tab the value shown there was nothing (an empty string), while it should read PLAIN. I think it also tried to use LOGIN method (the one set for SMTP), but this is not available for IMAP, thus a no value shown in the UI. I changed the authentication type to some other than PLAIN for IMAP, and then back to PLAIN. If I click Check for supported types then the PLAIN is the only available anyway. I do not have a real account there, but I would also try to change the authentication type to the PLAIN, and to be sure to change it to another value and then back to the PLAIN. Then close start evolution. If everything fails, then you can even try to debug this. Just disable all the other IMAP accounts and run evolution from a terminal as: $ CAMEL_DEBUG=imapx:io evolution and see what is written there. This debug mode writes the raw communication between the server and the client. To get even more chatty debugging information run evolution as: $ CAMEL_DEBUG=imapx evolution Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
If everything fails, then you can even try to debug this. Just disable all the other IMAP accounts and run evolution from a terminal as: $ CAMEL_DEBUG=imapx:io evolution and see what is written there. This debug mode writes the raw communication between the server and the client. To get even more chatty debugging information run evolution as: $ CAMEL_DEBUG=imapx evolution It looks like it never even gets to do any IMAP stuff: $ CAMEL_DEBUG=imapx evolution evo.debug $ more evo.debug java version 1.7.0_65 OpenJDK Runtime Environment (fedora-2.5.2.5.fc20-i386 u65-b17) OpenJDK Server VM (build 24.65-b04, mixed mode) (evolution:11636): evolution-mail-WARNING **: (mail-send-recv.c:1145):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:11636): evolution-mail-WARNING **: receive_update_got_folderinfo: Could not connect to 'imap.mail.me.com:993': Cannot communicate securely with peer: no common encryption algorithm(s). $ And that is it. No IMAP output at all. I'm not an SSL expert, but is there some manual way of instigating the SSL connection with the server to see what algorithms are being offered? P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Yes I tried that. No change. Thx, -k On Oct 13, 2014, at 10:55 PM, Milan Crha mc...@redhat.com wrote: On Mon, 2014-10-13 at 07:30 -0700, Kevin Taggart wrote: Yes, I've tried that, but it didn't work. Hi, did you also close run evolution after such change? While it should ideally take the connection changes immediately, it is possible it didn't do so with your 3.10.4. Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Tue, 2014-10-14 at 13:54 +0100, Pete Biggs wrote: I'm not an SSL expert, but is there some manual way of instigating the SSL connection with the server to see what algorithms are being offered? Hi, once upon a time, evolution-data-server used NSS/NSPR streams directly and was able to influence what SSL/TLS algorithms are available. The 3.12.x uses GLib (GIO) streams, which, I guess, are using something from glib-networking, which is using gnutls, at least on Fedora. Thus the place to look might be either glib-networking or gnutls itself. I'm also not an expect in this area, hopefully someone else is. Looking into evolution-data-server's code, this is the most it does these days: https://git.gnome.org/browse/evolution-data-server/tree/camel/camel-network-service.c#n630 Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Milan Crha wrote: On Tue, 2014-10-14 at 13:54 +0100, Pete Biggs wrote: I'm not an SSL expert, but is there some manual way of instigating the SSL connection with the server to see what algorithms are being offered? Pete, you may inspect them looking at a packet capture (eg. wireshark), which is what I asked Kevin if he could provide. Hi, once upon a time, evolution-data-server used NSS/NSPR streams directly and was able to influence what SSL/TLS algorithms are available. The 3.12.x uses GLib (GIO) streams, which, I guess, are using something from glib-networking, which is using gnutls, at least on Fedora. Thus the place to look might be either glib-networking or gnutls itself. I'm also not an expect in this area, hopefully someone else is. Try executing: $ gnutls-cli imap.mail.me.com -p 993 ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Tue, 2014-10-14 at 20:31 +0200, Ángel González wrote: Milan Crha wrote: On Tue, 2014-10-14 at 13:54 +0100, Pete Biggs wrote: I'm not an SSL expert, but is there some manual way of instigating the SSL connection with the server to see what algorithms are being offered? Pete, you may inspect them looking at a packet capture (eg. wireshark), which is what I asked Kevin if he could provide. I'll have a look at doing that tomorrow - too late now! Try executing: $ gnutls-cli imap.mail.me.com -p 993 That connected OK: === $ gnutls-cli imap.mail.me.com -p 993 Processed 153 CA certificate(s). Resolving 'imap.mail.me.com'... Connecting to '17.172.34.111:993'... - Certificate type: X.509 - Got a certificate list of 3 certificates. [info on 3 certificates here] - Status: The certificate is trusted. - Description: (TLS1.2-PKIX)-(RSA)-(AES-128-GCM)-(AEAD) - Session ID: - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-128-GCM - MAC: AEAD - Compression: NULL - Handshake was completed - Simple Client Mode: * OK [CAPABILITY st11p00mm-iscream010 14G XAPPLEPUSHSERVICE IMAP4 IMAP4rev1 SASL-IR AUTH=ATOKEN AUTH=PLAIN] iSCREAM ready to rumble (14G:4357) st11p00mm-iscream010 [46:4135:21:49:20:80] So I suppose I need to see what Evo is doing to see why it can't connect. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Sorry Ángel, every attempt at capturing packets over wlan0 results in a hang and then crash of wireshark after a few seconds of attempted capture. -k On Oct 14, 2014, at 11:31 AM, Ángel González an...@16bits.net wrote: Milan Crha wrote: On Tue, 2014-10-14 at 13:54 +0100, Pete Biggs wrote: I'm not an SSL expert, but is there some manual way of instigating the SSL connection with the server to see what algorithms are being offered? Pete, you may inspect them looking at a packet capture (eg. wireshark), which is what I asked Kevin if he could provide. Hi, once upon a time, evolution-data-server used NSS/NSPR streams directly and was able to influence what SSL/TLS algorithms are available. The 3.12.x uses GLib (GIO) streams, which, I guess, are using something from glib-networking, which is using gnutls, at least on Fedora. Thus the place to look might be either glib-networking or gnutls itself. I'm also not an expect in this area, hopefully someone else is. Try executing: $ gnutls-cli imap.mail.me.com -p 993 ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Sat, 2014-10-11 at 12:20 -0700, Kevin Taggart wrote: (Receiving) Username: just my username without @domain.com (this is default and also recommended in all troubleshooting guides) Encryption Method: SSL on a dedicated port Authentication: Password ... (Sending) Encryption Method: STARTTLS after connecting Authentication Type: Login Username usern...@domain.com I can send email, just not receive it. Hi, I do not have any iCloud server to try this on, but as there is a difference in settings for IMAP and SMTP, then I would try to use the same connection options for both. This doesn't work always, byt maybe you can just try. That means, I would use this for receiving: Encryption Method: STARTTLS after connecting Authentication Type: Login You can try to sync more values, like the Username as well, if only this won't work (I think the use of STARTTLS instead of SSL is the main difference). Hope it helps, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
On Mon, 2014-10-13 at 07:30 -0700, Kevin Taggart wrote: Yes, I've tried that, but it didn't work. Hi, did you also close run evolution after such change? While it should ideally take the connection changes immediately, it is possible it didn't do so with your 3.10.4. Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Kevin Taggart wrote: Hello, I am experiencing a recent issue with Evolution and iCloud IMAP mail, in which I can no longer connect via the current settings auto-generated by Evolution when setting up my iCloud account. I can send email, just not receive it. Then it's just a problem with the IMAP connection, and SMTP is not affected I am running Evolution 3.10.4 under Ubuntu 14.04 LTS. All other networking features/functions work correctly, as did Evolution until one week ago. If anyone has any ideas, please post them. When I try to connect, I get the following error: Could not connect to 'imap.mail.me.com:993': Cannot communicate securely with peer: no common encryption algorithm(s). It is important to note that this is a recent problem, starting only last week. Prior to that, I was able to connect just fine using the same settings. It's possible that they changed their server cipher preferences, and you don't longer are able to agree on a common one. Although it seems very strange. From ssllabs scan, they appear to support: TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56 TLS_RSA_WITH_RC4_128_MD5 (0x4) 128 TLS_RSA_WITH_RC4_128_SHA (0x5) 128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128 TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256 TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56 which shouldn't be a problem under Ubuntu 14.04. I'm not sure which crypto engine is used by evolution, but If for instance it was using openssl engine, I would expect them to agree on TLS_RSA_WITH_AES_256_GCM_SHA384 (result given for OpenSSL 1.0.1h) As it uses libnss, I would expect something between TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) and TLS_RSA_WITH_AES_128_CBC_SHA (0x2f). If you can sniff that connection, we could look at which are being advertised by your evolution (only the TLS Client Hello is needed, although a few more packets may be useful too) ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
[Evolution] Evolution no longer connects with iCloud IMAP mail
Hello, I am experiencing a recent issue with Evolution and iCloud IMAP mail, in which I can no longer connect via the current settings auto-generated by Evolution when setting up my iCloud account. When I try to connect, I get the following error: Could not connect to 'imap.mail.me.com:993': Cannot communicate securely with peer: no common encryption algorithm(s). It is important to note that this is a recent problem, starting only last week. Prior to that, I was able to connect just fine using the same settings. I have read about Apple's new two-step authentication process, but do not think that is the issue for several reasons: 1. The problem started before the two-step authentication was automatically enabled. 2. I did not have it enabled prior to that (you must opt-in) 3. I tried opting-in and generated the application-specific password suggested by numerous sites as a solution (which it was not) My current auto-generated settings in Evolution are: (Receiving) Server Type: IMAP+ Server: imap.mail.me.com Port: 993 Username: just my username without @domain.com (this is default and also recommended in all troubleshooting guides) Encryption Method: SSL on a dedicated port Authentication: Password I have tried all the different authentication types listed, but none work. (Sending) Server Type: SMTP Server: smtp.mail.me.com Port: 587 Server requires authentication enabled Encryption Method: STARTTLS after connecting Authentication Type: Login Username usern...@domain.com I can send email, just not receive it. I am running Evolution 3.10.4 under Ubuntu 14.04 LTS. All other networking features/functions work correctly, as did Evolution until one week ago. If anyone has any ideas, please post them. Thx, KT ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list