Bug 356217

Summary:	TLS handshake fails with "no shared cipher".
Product:	[Applications] kmail2	Reporter:	Björn Persson <Bjorn>
Component:	general	Assignee:	kdepim bugs <kdepim-bugs>
Status:	RESOLVED UNMAINTAINED
Severity:	grave
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	Fedora RPMs
OS:	Linux
Latest Commit:		Version Fixed In:

Description Björn Persson 2015-12-03 01:31:46 UTC

As Claws Mail in Fedora 23 crashes on PGP-signed email, I figured I'd check whether Kmail is usable again. But Kmail seems to be unable to complete a TLS handshake. It appears to get stuck forever trying to open a mail folder, while the IMAP server logs this error message several times per second:

dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=[...], lip=[...], TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<GQMVo+AlwAAgAlfjF18AcgAAAAAAAAAB>

"no shared cipher" seems to be the key. The server has a list of strong modern ciphersuites. How do I get at Kmail's ciphersuite list?

Reproducible: Always

Comment 1 Denis Kurz 2017-06-23 20:20:20 UTC

This bug has never been confirmed for a Kontact version that is based on KDE Frameworks, except possibly a Technology Preview version 5.0.x. Those versions differ significantly from the old 4.x series. Therefore, I plan to close it in around two or three months. In the meantime, it is set to WAITINGFORINFO to give reporters the opportunity to check if it is still valid. As soon as someone confirms it for a recent version (at least 5.1, ideally even more recent), I'll gladly reopen it.

Please understand that we lack the manpower to triage bugs reported for versions almost two years beyond their end of life.

Comment 2 Denis Kurz 2018-01-31 16:51:32 UTC

Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.1 aka 15.12, preferably more recent), please open a new one unless it already exists. Thank you for all your input.