Bug 426303

Summary: SSL Connect to MS Exchange autodiscover fails since 20.04
Product: [KDE Neon] neon Reporter: Gaël de Chalendar (aka Kleag) <kleagg>
Component: Packages User EditionAssignee: Neon Bugs <neon-bugs>
Status: RESOLVED WAITINGFORINFO    
Severity: normal CC: jr, neon-bugs, sitter
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Gaël de Chalendar (aka Kleag) 2020-09-08 09:31:37 UTC 
SUMMARY


STEPS TO REPRODUCE
1. Upgrade Neon to 20.04
2. Try to use previously working akonadi-ews based account in Kontact
3. Fail
4. Try to just connect to the autodiscover server
5. Fail
6. Ask colleagues to do the same on other distributions like Ubuntu 20.04. Success for them

OBSERVED RESULT

I try to connect to the autodiscover server with openssl:
$ openssl s_client -connect autodiscover.XXX.XX:443
CONNECTED(00000003)
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=21:unable to verify the first certificate
verify return:1
140336653460800:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2149:
---
Certificate chain
 0 s:C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
   i:C = XX O = XXX, CN = XXXXX
---
Server certificate
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
subject=C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX

issuer=C = XX O = XXX, CN = XXXXX

---
No client certificate CA names sent
---
SSL handshake has read 2038 bytes and written 318 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: …
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1599555816
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---


EXPECTED RESULT
It should be connected but it returns with return code 1.
On my colleagues computer, under Ubuntu 20.04 or older, it connects and does not return.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.19.5
KDE Frameworks Version: 5.73.0
Qt Version: 5.14.2

ADDITIONAL INFORMATION

Applying this change allows me to connect and to use the Exchange server, but I don't know what are the consequences on the security of my system or my emails.

https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
Comment 1 Carlos De Maine 2025-09-20 09:35:33 UTC 
Thank you for your bug report! 
However this bug report was created/provided previous to 01/01/2023 and also has not received any updates since  before 01/01/2025. 
Unfortunately KDE neon no longer provides updates for anything older than noble 24.04 based edition's.
Please upgrade to KDE neon noble and if you can reproduce the issue after upgrading to an active version, feel free to re-open this bug report.
Thanks for understanding!