Summary: | Allow forcing encryption protocol version | ||
---|---|---|---|
Product: | [Frameworks and Libraries] Akonadi | Reporter: | Christian Mollekopf <mollekopf> |
Component: | IMAP resource | Assignee: | Christian Mollekopf <chrigi_1> |
Status: | RESOLVED FIXED | ||
Severity: | wishlist | CC: | bugs.kde.org, kdepim-bugs, vkrause |
Priority: | NOR | ||
Version: | GIT (master) | ||
Target Milestone: | --- | ||
Platform: | unspecified | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/kdepim-runtime/423632618ed307817a088ae99607d19f3cce98ed | Version Fixed In: | |
Sentry Crash Report: |
Description
Christian Mollekopf
2013-12-10 13:50:32 UTC
A user just ran into this, so we really should have this config file option. it seems a bit anachronistic to me, for akonadi to only work properly if the mailserver still supports SSLv2. as far as i remember that protocol version was even removed from the openssl packages for debian/ubuntu years ago. so regarding the config file solution i'd vote for this: make akonadi use SSLv3/TLS by default, and if you're really still stuck with SSLv2-only, than *that* would be the thing you'd have to turn on in a config file. (In reply to comment #3) > it seems a bit anachronistic to me, for akonadi to only work properly if the > mailserver still supports SSLv2. > > as far as i remember that protocol version was even removed from the openssl > packages for debian/ubuntu years ago. so regarding the config file solution > i'd vote for this: make akonadi use SSLv3/TLS by default, and if you're > really still stuck with SSLv2-only, than *that* would be the thing you'd > have to turn on in a config file. That's not what we're doing. We're using the auto-negotiation that apparently is broken on some servers (there's a report somewhere, if only I could find it). This causes the server to report an ssl version it doesn't actually support and thus the connection fails. For this case it's useful to be able to force the used version and thus skipping the broken negotiation. > That's not what we're doing. We're using the auto-negotiation that
> apparently is broken on some servers
ah, i see -- thanks for the clarification!
so there's hope if i get the mailserver admins to fix the server response.
i'll try that in the meantime ;-)
Git commit 32aaf98fd2d7387f1313cf0d135c82dffa643d9a by Christian Mollekopf. Committed on 07/05/2014 at 14:20. Pushed by cmollekopf into branch 'KDE/4.13'. IMAP-Resource: Allow to override the encryption mode. Some ssl servers advertise an ssl version they don't actually support. This config-only option allows to override the used encryption mode, and supports all available options, so the auto-negotiation can be skipped. M +3 -0 resources/imap/imapresource.kcfg M +24 -0 resources/imap/settings.cpp http://commits.kde.org/kdepim-runtime/32aaf98fd2d7387f1313cf0d135c82dffa643d9a The above patch allows to specify the used version in .kde/share/config/akonadi_imap_resource_*rc [network] OverrideEncryption=TLSV1 Valid values are: SSLV2, SSLV3, TLSV1, SSL, STARTTLS, UNENCRYPTED TLSV1 is the same as sslv3.1 and SSL is the autonegotiation. The patch will be part of the 4.13.1 release. Please let me know whether this fixes your problem, and let me know if it doesn't. > Please let me know whether this fixes your problem, and let me know if it > doesn't. yes, it works! thanks a lot!!! here's what i did: * i added your patch to the ubuntu package sources for kdepim-runtime 4.13.0 * rebuilt the package and replaced the installed one * stopped kmail and akonadi * added the new config option * started kmail -- and everything was back to normal again :-) > The patch will be part of the 4.13.1 release. it should probably be backported to the stock packages, too. you made my day! Git commit 423632618ed307817a088ae99607d19f3cce98ed by Christian Mollekopf. Committed on 07/05/2014 at 14:20. Pushed by cmollekopf into branch 'kolab/integration/4.13.0'. IMAP-Resource: Allow to override the encryption mode. Some ssl servers advertise an ssl version they don't actually support. This config-only option allows to override the used encryption mode, and supports all available options, so the auto-negotiation can be skipped. M +3 -0 resources/imap/imapresource.kcfg M +24 -0 resources/imap/settings.cpp http://commits.kde.org/kdepim-runtime/423632618ed307817a088ae99607d19f3cce98ed |