Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
Package: fetchmail Followup-For: Bug #872754 Hello. 6.4.0 contains the fix and 6.4.16 is in stable. Do the reporter and the maintainer agree to close this bug, or am I missing something?
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
> > If you can reproduce the issue, please install debug symbols and get me > > a stack backtrace. Apologizes for the delay, I had completely forgotten the previous mail. Version 6.4.0~beta4-3 seems to fix the issue. With the same settings than above, it produces no error message and receives mails correctly. Thanks for your work on fetchmail.
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
On Fri, 21 Jun 2019 11:44:28 +0200 Matthias Andree wrote: > On Sat, 27 Oct 2018 20:16:17 +0200 Nicolas Boulenguez > wrote: > > Package: fetchmail > > Followup-For: Bug #872754 > > > > Hello. > > I have tried 6.4.0~beta4-1 in experimental. > > This resulted in: > > > > reading message for *:1 among * flushed > > (maybe unrelated) show_signal_msg: 1 callbacks suppressed > > fetchmail: segfault at 14 ip 560d2f73a718 sp 7ffe8242c790 > error 6 in fetchmail[560d2f716000+44000] > > > > Feel free to contact me if you want to reproduce the issue. > > Nicolas, > > If you can reproduce the issue, please install debug symbols and get me > a stack backtrace. Merci d'avance. > > Regards, > Matthias Nicolas, can you reproduce this and get me a stack backtrace? I need to urge a bit since I need to release 6.4.0 soonish and would want to fix a crasher bug... Merci. Regards, Matthias signature.asc Description: OpenPGP digital signature
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
On Sat, 27 Oct 2018 20:16:17 +0200 Nicolas Boulenguez wrote: > Package: fetchmail > Followup-For: Bug #872754 > > Hello. > I have tried 6.4.0~beta4-1 in experimental. > This resulted in: > > reading message for *:1 among * flushed > (maybe unrelated) show_signal_msg: 1 callbacks suppressed > fetchmail: segfault at 14 ip 560d2f73a718 sp 7ffe8242c790 error 6 in fetchmail[560d2f716000+44000] > > Feel free to contact me if you want to reproduce the issue. Nicolas, If you can reproduce the issue, please install debug symbols and get me a stack backtrace. Merci d'avance. Regards, Matthias
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
Package: fetchmail Followup-For: Bug #872754 Hello. I have tried 6.4.0~beta4-1 in experimental. This resulted in: reading message for *:1 among * flushed (maybe unrelated) show_signal_msg: 1 callbacks suppressed fetchmail: segfault at 14 ip 560d2f73a718 sp 7ffe8242c790 error 6 in fetchmail[560d2f716000+44000] Feel free to contact me if you want to reproduce the issue. ii libgssapi-krb5-2 1.16.1-1 ii libk5crypto3 1.16.1-1 ii libkrb5-3 1.16.1-1 ii libssl1.1 1.1.1-1 ii ca-certificates 20170717 pn fetchmailconf pn resolvconf /etc/default/fetchmail changed set no bouncemail defaults: antispam -1 batchlimit 100 poll * protocol pop3 user "*" there password "*" is "*" here options fetchall ssl sslcertck
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
Please check and report back if this is fixed in 6.4.0~beta4-1 (experimental).
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
I hit this bug/feature too. After upgrading fetchmail to 6.3.26-3, some inboxes were silently ignored. The usual error emails from fetchmail were not sent. I only discovered this several weeks later :( Debugging shows: $ apt-cache policy fetchmail fetchmail: Installed: 6.3.26-3 Candidate: 6.3.26-3 Version table: *** 6.3.26-3 500 500 http://ftp.de.debian.org/debian stretch/main amd64 Packages 500 http://ftp.de.debian.org/debian sid/main amd64 Packages 100 /var/lib/dpkg/status 6.3.26-1+b1 500 500 http://ftp.de.debian.org/debian jessie/main amd64 Packages $ fetchmail -c -v -v -v Old UID list from email-server: Old UID list from localhost: Scratch list of UIDs: fetchmail: --check mode enabled, not fetching mail fetchmail: 6.3.26 querying email-server (protocol IMAP) at Tue 10 Oct 2017 10:33:30 AM CEST: poll started Trying to connect to 10.0.0.1/993...connected. fetchmail: OpenSSL reported: error:1417118C:SSL routines:tls_process_server_hello:version too low fetchmail: SSL connection failed. fetchmail: socket error while fetching from user@email-server fetchmail: 6.3.26 querying email-server (protocol IMAP) at Tue 10 Oct 2017 10:33:30 AM CEST: poll completed Merged UID list from email-server: fetchmail: 6.3.26 querying localhost (protocol IMAP) at Tue 10 Oct 2017 10:33:30 AM CEST: poll started OpenSSL shows that the server is using TLSv1: $ openssl s_client -host 10.0.0.1 -port 993 CONNECTED(0003) No client certificate CA names sent Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1286 bytes and written 310 bytes Verification error: unable to verify the first certificate --- New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher: ECDHE-RSA-AES256-SHA Session-ID: 6E1A980314FC8F72FAE53500BA7018F4FDE74E04C428AD573A1CF5259CA8 Session-ID-ctx: Master-Key: 9532468A10452BCCB3812E8219DA407B01FC5303D5FFB4D934D6D7A9B1BC929D4A846D233EAB779C01367D6511CB7C01 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1507625022 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: yes --- * OK The Microsoft Exchange IMAP4 service is ready. Downgrading to fetchmail to 6.3.26-1+b1 is a workaround, as is adding --sslproto TLS1 command line parameter. fetchmail should really fail more loudly when there are ssl problems. -Mikko
Bug#872754: fetchmail: tls_process_server_hello:unsupported protocol
Package: fetchmail Version: 6.3.26-3 Severity: important After updating libssl1.1 to version 1.1.0f-4 fetchmail refuse to connect by IMAP to a set of my mailboxes with the error: localhost fetchmail[3635]: OpenSSL reported: error:14171102:SSL routines:tls_process_server_hello:unsupported protocol localhost fetchmail[3635]: SSL connection failed. I found that the similar error (#871918) was reported to libssl1.1 package but it was closed. First of all I think that such changes in library as disabling TLS 1.0 and 1.1 must be reported in apt-listchanges I resolved this issue by adding option "sslproto 'TLS1'" in fetchmailrc. So my second point is following. Is it correct to remove the obsolete non-secure protocols without even a hint to a reasons? Is my connection now is more secure? What should I do as user of mailbox? If I send a mail to the system administrator with diagnostic like in above of this letter it will be rejected because it is my problem. Is it possible to add to the error the version of protocol from the server side with mark in case of insecurity? Thank you. Yu. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages fetchmail depends on: ii adduser 3.116 ii debianutils 4.8.2 ii libc6 2.24-12 ii libcomerr21.43.5-1 ii libgssapi-krb5-2 1.15.1-2 ii libk5crypto3 1.15.1-2 ii libkrb5-3 1.15.1-2 ii libssl1.1 1.1.0f-4 ii lsb-base 9.20161125 Versions of packages fetchmail recommends: ii ca-certificates 20161130+nmu1 Versions of packages fetchmail suggests: ii exim4-daemon-light [mail-transport-agent] 4.89-5 ii fetchmailconf 6.3.26-3 ii resolvconf 1.79 -- Configuration Files: /etc/default/fetchmail changed: export LC_ALL=C START_DAEMON=yes -- no debconf information