[Users] POP3S - SSL Handshake Failures.

ENI info at endeavor-networks.com
Wed Sep 3 08:11:28 CEST 2014 

>>> 
>>> REVIEW for all interested:
>>> 
>>> Multiple, previously working CM installations, using POP3S (port
>>> 995), began failing. The server responds to the Client Hello, with
>>> a Fatal SSLv3 Record Layer Alert (Handshake Failure).
>>> 
>>> Note: The CM installations can successfully negotiate SMTP
>>> (STARTTLS) with the same server, demonstrating some crypto
>>> functionality. 
>>> 
>>> Despite Gnutls's protocol preference order (TLS1.2, TLS1.1, TLS1.0,
>>> SSL3.0 ... ", CM uses SSLv3 Record Layer; SSL 3.0 Handshake, and SSL
>>> 3.0 Client Hello when trying to connect with POP3S.
>>> 
>>> Thunderbird successfully uses TLSv1.2 Record Layer; TLS 1.0
>>> Handshake, and TLS 1.2 Client Hello.
>>> 
>>> The "gnutls-cli" utility, with .DLLs extracted from
>>> gnutls-3.2.16-w32.zip successfully uses TLSv1.2 Record Layer; SSL
>>> 3.0 Handshake, and TLS 1.2 Client Hello.
>>> 
>>> An effort was made to utilize the "gnutls_priority" string
>>> (gnutls_set_priority=, gnutls_priority=) within the account block of
>>> "accountrc", located at:
>>> 
>>> C:\Documents and Settings\user-name-redacted\Application
>>> Data\Claws-mail\
>>> 
>>> ... to alter CM's behavior, but we observed no change.
>>> 
>>> Re-running the "claws-mail-3.10.1-pkg56" installer did not resolve
>>> the issue.
>>> 
>>> Temporarily replacing the .DLLs (and associated .DEF files) located
>>> at: E:\Program Files\GNU\Claws Mail\ with those from
>>> gnutls-3.2.16-w32.zip did not result in a successful POP3S
>>> handshake. The original files have since been restored.
>>> 
>> 
>> Is there anyone connecting to a POP3S server with the following
>> prerequisites:
>> 
>> - claws-mail-3.10.1-pkg56 (Win32).
>> 
>> - "Use SSL for POP3 Connection" enabled in preferences.
>> 
>> - default gnutls_priority string setup, details in earlier post.
>>   (gnutls_set_priority=0, gnutls_priority=)
>> 
>> - Wireshark (or equivalent) installed.
>> 
>> ... that would be willing to determine whether their connection
>> utilizes TLS or SSL?
>> 
>> Specifically, we would like to determine whether the following are
>> observed:
>> 
>> SSLv3 Record Layer
>> SSLv3.0 Handshake
>> SSLv3.0 Client Hello
>> 
>> ... or something different than that.
>> 
>> We recognize that the connection setup is server dependent, but we're
>> trying to confirm whether others with a similar setup are achieving:
>> 
>> TLS1.x Record Layer; Handshake; Client Hello, or any combination
>> thereof.
>> 
> 
> We're going to do a fresh claws-mail-3.10.1-pkg56 (Win32) install on a
> system which has not previously known CM, and determine the level of
> functionality it provides.
> 

We have completed two Win32 installations (claws-mail-3.10.1-pkg56,
claws-mail-3.9.3git84-pkg48) to different install directories on the E:
drive of an XP system that has not previously known CM.

Both installations failed the POP3S SSL handshake in the same manner as
described throughout this thread.

We uninstalled both packages from the E: drive, and reinstalled one to
the default install directory on the C: drive, and retested. That
installation also failed the POP3S SSL handshake.

Still hoping to confirm Win32 behavior per the information provided, two
quote levels above.

Best Regards,
ENI

More information about the Users mailing list