Bug 392203

Summary: Managesieve doesn't work over pure TLS connection
Product: [Applications] kmail2 Reporter: Leandro Lucarella <luca-kde>
Component: sieveAssignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: normal CC: ab4bd, marcus_kde, me
Priority: NOR    
Version: 5.6.3   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: Wireshark capture of the very data-less conversation with a TLS server over IPv6/TCP

Description Leandro Lucarella 2018-03-22 23:29:13 UTC 
I couldn't find any way to configure manangesieve over a pure TLS connection (no plain connection + STARTTLS command). There should be a way to configure which type of encrypted channel to use with managesieve. Even when there is no standard port for "sieves", users should be able to configure on it on any custom port.
Comment 1 Marcus Müller 2022-07-20 22:14:21 UTC 
Can confirm this. It's a blocker.

Matter of fact, while trying to establish a TLS connection using the usual `openssl s_client -showcerts -connect example.com:4190` works beautifully, ksieve doesn't even try to negotiate a TLS connect.

It's just TCP's SYN; SYN, ACK; ACK; at this point the TCP connection is established, and it would be the client's job to initiate a TLS session – never happens, there's 0 bytes exchanged, until at some point either I close the program or the server drops the idle conneciton.

Functionality of the same server has been verified through an unenencrypted direct connection.

Attaching Wireshark capture.
Comment 2 Marcus Müller 2022-07-20 22:16:22 UTC 
Created attachment 150778 [details]
Wireshark capture of the very data-less conversation with a TLS server over IPv6/TCP
Comment 3 Marcus Müller 2022-07-20 22:18:20 UTC 
Tested version of libksieve was 21.12.2, by the way, can't map that to the versions offered as choice above. Having a hard time building git master from source.
Comment 4 Marcus Müller 2022-07-22 08:03:10 UTC 
Also reproducible under 5.20.3 (22.04.3)