[sylpheed:35703] Re: SSL_peek() failure on Exchange 2003 server
Thomas White
taw at bitwiz.org.uk
Mon Jul 22 06:30:16 JST 2013
Hi everyone,
> [17:21:36] IMAP4< * OK Microsoft Exchange Server 2003 IMAP4rev1 server
> version 6.5.7638.1 (maa-exchfea.maa.corp.company.net) ready.
> [17:21:36] IMAP4> 1 CAPABILITY
> [17:21:36] ** LibSylph-WARNING: SSL_peek() returned error 1, ret = -1
>
> [17:21:36] ** LibSylph-WARNING: [17:21:36] Could not establish IMAP
> connection.
>
> [17:21:36] ** warning: Could not establish IMAP connection.
>
> How do I further investigate this problem? I understand that the
> SSL_peek() error is coming from openssl?
I've been taking a look at this problem today, because it began to
affect me after a fresh OS installation (openSUSE 12.3). Here are two
small patches: the first will give you more information about the
underlying SSL error (giving you a more useful error message to search
for), and the second should work round the issue.
The problem seems to be this one:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
https://bugzilla.novell.com/show_bug.cgi?id=819545
http://cvs.openssl.org/chngview?cn=22565
http://www.mail-archive.com/openssl-users@openssl.org/msg67542.html
It's to do with renegotiation of the SSL version. Sylpheed uses the
option of best compatibility, which is to start with SSLv2 and allow a
switch to SSLv3 or TLSv1. For some reason deep within OpenSSL, this
still doesn't work properly despite the "fix" in one of the above
links. See "man SSL_CTX_new" for some background.
The problem can be worked around by using TLSv1 from the start, which
can be done with a very small change to Sylpheed's source code. This
fixes the problem for me, but sacrifices compatibility with anything
older. On the other hand, TLSv1 is preferred over SSLv3 and certainly
over SSLv2, so that's not a big loss.
I'm using OpenSSL 1.0.1e, which is the latest version, and also
connecting to an Exchange 2003 server.
Tom
--
Thomas White <taw at bitwiz.org.uk>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: more-ssl-error-info.patch
Type: text/x-patch
Size: 677 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/sylpheed/attachments/20130721/beae1d85/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use-tlsv1-only.patch
Type: text/x-patch
Size: 407 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/sylpheed/attachments/20130721/beae1d85/attachment-0001.bin>
More information about the Sylpheed
mailing list