[Users] [Bug 3304] New: SSL handshake failed. gnutls, claws, or openssl?

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Tue Oct 21 03:17:39 CEST 2014 

http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3304

            Bug ID: 3304
           Summary: SSL handshake failed. gnutls, claws, or openssl?
    Classification: Unclassified
           Product: Claws Mail
           Version: 3.10.1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P3
         Component: POP3
          Assignee: users at lists.claws-mail.org
          Reporter: HawKing at bitmessage.ch

In both Fedora20 and Ubuntu14.10, upon checking mail, I am now getting "SSL
handshake failed" on several pop3/smtp accounts, all of which worked
continuously for years previously in Claws, with no local settings changes
having been made.

claws-mail --debug produces the following error:
ssl.c:229:waiting for SSL_connect thread...
ssl.c:247:SSL_connect thread returned -12
** (claws-mail:3005): WARNING **: SSL connection failed (A TLS fatal alert has
been received.)
** (claws-mail:3005): WARNING **: can't initialize SSL.
** (claws-mail:3005): WARNING **: [20:44:18] SSL handshake failed

Diagnostic evidence includes the following:

1) Accounts at different email servers broke at different times over the past
week. I have around 15 email accounts. One pop3 account stopped working while
SMTP still worked, and the other 14 still worked. Then another server (3 more
acounts, pop and smtp) broke, and finally, days later, another server (2 more,
pop and smtp) broke with the same error. Email was checked in between on all
accounts, and all remaining worked in between.

2) Updates of gnutls, claws-mail, or my local openssl were not temporally
correlated with breakage of any account, as all had occurred weeks before they
broke, with daily email checking.

3) The same error replicates across operating systems, on Fedora20 and Ubuntu
14.10. 

4) To further diagnose, I checked all of these accounts in Thunderbird, which
still works fine for sending and receiving via pop/smtp and SSL/TLS.

5) In claws, STARTLS->SSL works for the accounts where SSL/TLS is broken in
Claws. Two different email servers have both SSL/TLS options and a STARTLS
option. The later STARTLS->SSL works fine still for servers where both should
work, but SSL does not.

The progressive breakdown (email servers stopped working at different times),
leads me to conclude a remote update shared across the three servers broke SSL
handshaking. I would guess openssl on the servers?

I'm not sure how to track this bug in a more detailed way.

Any advice about where to go from here?

Also, as an aside, why is it that in the account summary, claws lists any
STARTTLS->SSL account as (TLS) and any SSL/TLS as (SSL)? In my understanding,
they don't differ in use of TLS versus SSL but use the same encryption, and
STARTTLS just starts as plaintext first.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list