Re: [Evolution] TLS handshake
On Mon, 2021-05-24 at 08:18 +1000, Dean Davis wrote: > Hi > > thank you, ( update-crypto-policies --set DEFAULT:FEDORA32 ) worked > > Glad it worked. But as I said this is indicative of your mail provider using old and insecure protocols. You need to ask them to update their SSL configuration (or update their software). Looking at my server logs, I see 3 or 4 probes a day looking for outdated algorithms - many of the probes come from hosts with names like "security-research.com": they may, or may not, be bona fide "Research" companies, but things are being probed for. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] TLS handshake
On 2021-05-24 at 07:27 +1000, Dean Davis wrote: > Hi > > upgraded Fedora 33 to 34, On opening evolution can not connect to EWS > account without a SSL Certificate for Blah is not Trusted. > > Reason: Error performing TLS handshake: One of the involved > algorithms has insufficient security level. > > The reported error was “Error performing TLS handshake: One of the > involved algorithms has insufficient security level.”. > > Thanks > Dean I guess the server is using like TLS 1.0 ? I think first step would be to try get the server configuration upgraded, if that fails I think it would be possible to add an exemption, but I think Fedora does its TLS configuration on its own way, so I may not be able to advise on that. Best regards ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] TLS handshake
Hi thank you, ( update-crypto-policies --set DEFAULT:FEDORA32 ) worked regards dean On Sun, 2021-05-23 at 23:01 +0100, Pete Biggs wrote: > On Mon, 2021-05-24 at 07:27 +1000, Dean Davis wrote: > > Hi > > > > upgraded Fedora 33 to 34, On opening evolution can not connect to > > EWS > > account without a SSL Certificate for Blah is not Trusted. > > > > > > Reason: Error performing TLS handshake: One of the involved > > algorithms has insufficient security level. > > > > The reported error was “Error performing TLS handshake: One of the > > involved algorithms has insufficient security level.”. > > > > > I'm sort of surprised it happened on moving from 33 to 34 because the > major change in crypto stuff was 32->33. But perhaps it was some > change at the server level. > > As with all crypto stuff you need to really understand what you are > doing otherwise you can leave your system in a vulnerable state. You > are the only person who decide how exposed your system is and what > the > consequences of changing things are. > > You could try modifying the policies to an older version with > something > like > > update-crypto-policies --set DEFAULT:FEDORA32 > > (you need to be root to do this). You will probably need to restart > evolution after doing this. This is only a work around. Ultimately > you > need to tell your provider to update the algorithms they use to > support > TLS1.2 > > You can restore the correct crypto settings using > > update-crypto-policies --set DEFAULT > > P. > > > ___ > evolution-list mailing list > evolution-list@gnome.org > To change your list options or unsubscribe, visit ... > https://mail.gnome.org/mailman/listinfo/evolution-list ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] TLS handshake
On Mon, 2021-05-24 at 07:27 +1000, Dean Davis wrote: > Hi > > upgraded Fedora 33 to 34, On opening evolution can not connect to EWS > account without a SSL Certificate for Blah is not Trusted. > > > Reason: Error performing TLS handshake: One of the involved > algorithms has insufficient security level. > > The reported error was “Error performing TLS handshake: One of the > involved algorithms has insufficient security level.”. > > I'm sort of surprised it happened on moving from 33 to 34 because the major change in crypto stuff was 32->33. But perhaps it was some change at the server level. As with all crypto stuff you need to really understand what you are doing otherwise you can leave your system in a vulnerable state. You are the only person who decide how exposed your system is and what the consequences of changing things are. You could try modifying the policies to an older version with something like update-crypto-policies --set DEFAULT:FEDORA32 (you need to be root to do this). You will probably need to restart evolution after doing this. This is only a work around. Ultimately you need to tell your provider to update the algorithms they use to support TLS1.2 You can restore the correct crypto settings using update-crypto-policies --set DEFAULT P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
[Evolution] TLS handshake
Hi upgraded Fedora 33 to 34, On opening evolution can not connect to EWS account without a SSL Certificate for Blah is not Trusted. Reason: Error performing TLS handshake: One of the involved algorithms has insufficient security level. The reported error was “Error performing TLS handshake: One of the involved algorithms has insufficient security level.”. Thanks Dean ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list