Re: [RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
On 10.11.2016 11:55, Paweł Łukasik wrote: > Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP > connections but not for SMTP. > PHP is rather new (Debian 7): > > php --version > PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep 5 2015 00:21:03) > Copyright (c) 1997-2014 The PHP Group > Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies I'm afraid you need PHP 5.6 according to this http://php.net/manual/en/function.stream-socket-enable-crypto.php I have no idea how did you get IMAP connection to use TLS 1.2. As I've said both SMTP and IMAP code use the same way of setting TLS. ps. PHP 5.4 is no longer supported by PHP. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] PGP: 19359DC1 # Blog: https://kolabian.wordpress.com ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP connections but not for SMTP. PHP is rather new (Debian 7): php --version PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep 5 2015 00:21:03) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies do you really think roundcube has it's own low-level TLS code? most likely you run outdated PHP https://bugs.php.net/bug.php?id=65329 Am 10.11.2016 um 11:02 schrieb Paweł Łukasik: Hello, Roundcube always use TLSv1 for sending mail (used on same host as mailserver with both RSA and ECDSA certs, ports 25 and 587). When I disable all TLS/SSL versions except TLSv1.2 in Postfix config, I cannot send mails from Roundcube (SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php on line 1649 (POST /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send) ) but can from desktop/mobile client. Connection from Roundcube to IMAP server is always use TLSv1.2, external servers (i.e. GMail) connect with TLSv1.2. What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP? -- Pozdrawiam, Paweł Łukasik ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP? You need Net_SMTP package in version >= 1.7.1. 1.7.2 installed with full roundcube 1.2.2 package. I've checked also on pear.php and diff shows no diffs. ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
On 10.11.2016 11:02, Paweł Łukasik wrote: > What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP? You need Net_SMTP package in version >= 1.7.1. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] PGP: 19359DC1 # Blog: https://kolabian.wordpress.com ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
[RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
Hello, Roundcube always use TLSv1 for sending mail (used on same host as mailserver with both RSA and ECDSA certs, ports 25 and 587). When I disable all TLS/SSL versions except TLSv1.2 in Postfix config, I cannot send mails from Roundcube (SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php on line 1649 (POST /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send) ) but can from desktop/mobile client. Connection from Roundcube to IMAP server is always use TLSv1.2, external servers (i.e. GMail) connect with TLSv1.2. What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP? -- Regards, Paul ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users