Bug 340857

Summary: Cannot connect to TLS v1.2 server
Product: [Applications] konversation Reporter: João Eiras <joao.eiras>
Component: generalAssignee: Konversation Developers <konversation-devel>
Status: RESOLVED FIXED    
Severity: normal CC: kdebug, rdieter
Priority: NOR    
Version: 1.5   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
Latest Commit: Version Fixed In: 1.7
Sentry Crash Report:

Description João Eiras 2014-11-11 17:25:36 UTC
This is a follow up of bug 340396, although from a code perspective, it's a completely different issue. Before konvi would force KTcpSocket to use SSL3, now it asks for QSsl::SecureProtocols which maps to SSL3 and TLS1.

Unfortunately, if an irc server is using TLS1.2, QSSlSocket will fail to negotiate a connection and will return an unknown error. Apparently, when it sees the SecureProtocols flag it will try TLS1.0 and then fallback to SSL3, bypassing TLS1.2. So this seems like either a bug or limitation in the Qt. This is what Eike Hein told me.

If you can't setup a test server, then I can give you an address, but I'll then ask you to ask me the address in private (corporate server).

Reproducible: Always
Comment 1 Rex Dieter 2014-11-11 17:28:48 UTC
should be fixed in konversation-1.5.1 recently released to address this, see also bug #340396

*** This bug has been marked as a duplicate of bug 340396 ***
Comment 2 João Eiras 2014-11-11 17:30:43 UTC
I specifically described how this is not a duplicate of 340396. Please read the description.
Comment 3 João Eiras 2014-11-11 17:34:56 UTC
This will kind of work for testing:

Try this public server irc.opera.com:6697 , secure connection enabled.

The server supports tls1.2. When connecting to it, the server window will display "You are connected to irc-ams.opera.com with SSLv3-AES256-SHA-256bits". That is wrong, TLSv1.2 should be preferred.
Comment 4 Rex Dieter 2014-11-11 18:00:56 UTC
Oh sorry about that, I only did peruse the title/subject of the bug initially.
Comment 5 Andrew Crouthamel 2018-11-12 02:51:09 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 6 Andrew Crouthamel 2018-11-21 04:46:07 UTC
Dear Bug Submitter,

This is a reminder that this bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? This bug will be moved back to REPORTED Status for manual review later, which may take a while. If you are able to, please lend us a hand.

Thank you for helping us make KDE software even better for everyone!
Comment 7 kdebug 2020-05-03 18:40:10 UTC
the kvirc app already supports TLS 1.3 to freenode.net. Time to catch up with them!
Comment 8 kdebug 2020-05-03 20:10:46 UTC
(In reply to João Eiras from comment #3)
>  irc.opera.com:6697 , secure connection enabled.
 
> The server supports tls1.2. When connecting to it, the server window will
> display "You are connected to irc-ams.opera.com with
> SSLv3-AES256-SHA-256bits". That is wrong, TLSv1.2 should be preferred.

with Konversation Version 1.7-master #5112 compiled from sources

I get:

-irc-ams.opera.com- *** You are connected to irc-ams.opera.com with TLSv1.2-AES256-GCM-SHA384-256bits

TLS 1.2 as should be OK. seems the bug is gone. Ubuntu 20.04 focal with ZFS /

I put it to fixed in v1.7
Comment 9 kdebug 2020-05-03 20:13:40 UTC
(In reply to Andrew Crouthamel from comment #6)
> Could you help us out and re-test if the bug is valid in the latest version?  

it is gone in my May of 2020 report on Konvi 1.7     consider it FIXED