426303 – SSL Connect to MS Exchange autodiscover fails since 20.04

Bug 426303 - SSL Connect to MS Exchange autodiscover fails since 20.04

Summary: SSL Connect to MS Exchange autodiscover fails since 20.04

Status:	RESOLVED WAITINGFORINFO

Alias:	None

Product:	neon
Classification:	KDE Neon
Component:	Packages User Edition (other bugs)
Version First Reported In:	unspecified
Platform:	Neon Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Neon Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-09-08 09:31 UTC by Gaël de Chalendar (aka Kleag)
Modified:	2025-09-20 09:35 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Gaël de Chalendar (aka Kleag) 2020-09-08 09:31:37 UTC

SUMMARY


STEPS TO REPRODUCE
1. Upgrade Neon to 20.04
2. Try to use previously working akonadi-ews based account in Kontact
3. Fail
4. Try to just connect to the autodiscover server
5. Fail
6. Ask colleagues to do the same on other distributions like Ubuntu 20.04. Success for them

OBSERVED RESULT

I try to connect to the autodiscover server with openssl:
$ openssl s_client -connect autodiscover.XXX.XX:443
CONNECTED(00000003)
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=21:unable to verify the first certificate
verify return:1
140336653460800:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2149:
---
Certificate chain
 0 s:C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
   i:C = XX O = XXX, CN = XXXXX
---
Server certificate
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
subject=C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX

issuer=C = XX O = XXX, CN = XXXXX

---
No client certificate CA names sent
---
SSL handshake has read 2038 bytes and written 318 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: …
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1599555816
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---


EXPECTED RESULT
It should be connected but it returns with return code 1.
On my colleagues computer, under Ubuntu 20.04 or older, it connects and does not return.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.19.5
KDE Frameworks Version: 5.73.0
Qt Version: 5.14.2

ADDITIONAL INFORMATION

Applying this change allows me to connect and to use the Exchange server, but I don't know what are the consequences on the security of my system or my emails.

https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

Comment 1 Carlos De Maine 2025-09-20 09:35:33 UTC

Thank you for your bug report! 
However this bug report was created/provided previous to 01/01/2023 and also has not received any updates since  before 01/01/2025. 
Unfortunately KDE neon no longer provides updates for anything older than noble 24.04 based edition's.
Please upgrade to KDE neon noble and if you can reproduce the issue after upgrading to an active version, feel free to re-open this bug report.
Thanks for understanding!