[Users] POP3S - SSL Handshake Failures.

ENI info at endeavor-networks.com
Thu Sep 4 19:24:38 CEST 2014


> 
> I refer you back to what I said:
> 
>> Use the hidden account prefs to specify manually the priority string
>> used. Quit Claws, open ~/.claws-mail/accountrc, find your account
>> block, set 'gnutls_set_priority' to 1, and put your priority string
>> in 'gnutls_priority'.  
> 
> and
> 
>> The last commit in Claws Mail GIT repository might resolve your
>> issue.  
> 
> with regards
> 
> Paul
> 

Paul:

On 2014-08-31, we expressed our appreciation to you for the advice
offered, and provided feedback indicating that the CM (Win32)
installation appeared to ignore the "gnutls_priority" string.

You will find "redacted" content from that posting below.

With regard to the last commit in Claws Mail GIT repository: our skill
set is different than yours. We are not familiar with compiling source
code, and do not have the time to take on that task at this time.

We have spent time that we could not afford to spend on the
investigation documented in our posts, in an effort to both resolve the
issue, and offer something to the forum.

Please review the "redacted" content below:

>>>  
>>>  Paul:
>>>  
>>> Thank you for your interest in our issue, and the suggestions
>>> offered. 
>>>  
>>> We located the appropriate account block within the "accountrc"
>>> file located at:
>>>  
>>> C:\Documents and Settings\user-name-redacted\Application
>>> Data\Claws-mail\accountrc
>>>  
>>> ... and tried a couple of different "gnutls_priority" strings. On
>>> each occasion, we quit Claws Mail, edited and saved the file, then
>>> relaunched CM.
>>>  
>>> Initial Configuration
>>> gnutls_set_priority=0
>>> gnutls_priority=
>>> 
>>> Trial # 1
>>> gnutls_set_priority=1
>>> gnutls_priority=%LATEST_RECORD_VERSION
>>> 
>>> Expectation: a transition from an SSLv3 Record Layer, to a TLSv1.2
>>> Record Layer.
>>> Observation: CM still used the SSLv3 Record Layer, and failed the
>>> handshake.
>>> 
>>> Trial # 2
>>> gnutls_set_priority=1
>>> gnutls_priority=NORMAL:%LATEST_RECORD_VERSION
>>> 
>>> Expectation: Same as above.
>>> Observation: CM still used the SSLv3 Record Layer, and failed the
>>> handshake.
>>> Note: We tried a different syntax, by including "NORMAL:".
>>> 
>>> Trial # 3
>>> gnutls_set_priority=1
>>> gnutls_priority=NORMAL:-VERS-SSL3.0
>>> 
>>> Expectation: a transition to TLS1.0, TLS1.1, or TLS1.2.
>>> Observation: CM still used the SSLv3 Record Layer, and failed the
>>> handshake.
>>> 
>>> Trial # 4
>>> gnutls_set_priority=1
>>> gnutls_priority=SECURE256
>>> 
>>> Expectation: a reduction in the number of cipher suites offered.
>>> Observation: The same 28 suites were offered, as with NORMAL.
>>> Note: This test was just to see if we could bring about any change
>>> in behavior with a priority string.
>>> 
>>> It appears that our priority strings are not being read or
>>> utilized. Is there something about our syntax that is incorrect?
>>> 
>>> 
>>> The GnuTLS Manual, which does not indicate a software revision
>>> number, made the following statements in Section 5.10 Priority
>>> strings: "Priority strings are not constant between gnutls
>>> versions".
>>> 
>>> "Unless the initial keyword is "NONE" the defaults (in preference
>>> order) are for TLS protocols TLS1.2, TLS1.1, TLS1.0, SSL3.0 ... ".
>>> 
>>> We are not sure why SSL3.0 is being used, when these other
>>> protocols are supposed to have preference.
>>> 

Thank you.

Best Regards,
ENI
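
Added example, not part of the original post and not Claws Mail code: a small Python check that reads an accountrc and reports, per account block, whether the priority override described in the quoted advice is switched on and whether the string removes SSL3.0. The `[Account: N]` block layout and the sample contents are assumptions constructed for illustration; the check confirms only what the file says, not what the client sends in its handshake.

```python
import re

# Constructed sample. Assumed layout: "[Account: N]" blocks of key=value lines.
SAMPLE_ACCOUNTRC = """\
[Account: 1]
account_name=pop3s-example
gnutls_set_priority=0
gnutls_priority=NORMAL:-VERS-SSL3.0

[Account: 2]
account_name=second-example
gnutls_set_priority=1
gnutls_priority=NORMAL:-VERS-SSL3.0
"""

def parse_accountrc(text):
    """Return {block name: {key: value}} for every [..] block in the text."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return blocks

def audit_priority(settings):
    """Describe whether a block's priority override is active and what it changes."""
    enabled = settings.get("gnutls_set_priority", "0") == "1"
    string = settings.get("gnutls_priority", "")
    tokens = [t for t in string.split(":") if t]
    findings = []
    if string and not enabled:
        findings.append("string present but gnutls_set_priority is not 1")
    if enabled and not string:
        findings.append("override enabled with an empty string")
    # GnuTLS priority syntax: a leading '-' or '!' removes the named algorithm.
    removed = ("-VERS-SSL3.0", "!VERS-SSL3.0")
    return {"override_enabled": enabled, "priority": string,
            "removes_ssl3": any(t.upper() in removed for t in tokens),
            "special_keywords": [t for t in tokens if t.startswith("%")],
            "findings": findings}

def audit_file(text):
    """Audit every account block found in the accountrc text."""
    return {name: audit_priority(s) for name, s in parse_accountrc(text).items()}

if __name__ == "__main__":
    for name, result in audit_file(SAMPLE_ACCOUNTRC).items():
        print(name, result)
```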


