Outlook 2016 login error #2905

Open
maccter opened this issue Aug 13, 2023 · 33 comments

@maccter

maccter commented Aug 13, 2023

When I log in with Outlook 2016, IMAP 993, SMTP 465:

```
front_1 | 2023-08-13T16:38:30.456819297+08:00 2023/08/13 16:38:30 [info] 34#34: *828 client 221.226.197.207:35162 connected to 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.457377125+08:00 2023/08/13 16:38:30 [info] 35#35: *829 client 221.226.197.207:35161 connected to 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.457640854+08:00 2023/08/13 16:38:30 [info] 34#34: *828 SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 221.226.197.207, server: 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.460083870+08:00 2023/08/13 16:38:30 [info] 35#35: *829 SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 221.226.197.207, server: 0.0.0.0:993
```

@nextgens
Contributor

nextgens commented Aug 13, 2023

What is your TLS_FLAVOR set to? Do you use a reverse proxy? Can you confirm which version of Mailu and Windows this is with please?

@maccter
Author

maccter commented Aug 14, 2023

Hello, TLS_FLAVOR is letsencrypt, Mailu 2.0, Windows 7. This is my mailu.env:

```
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io

###################################
# Common configuration variables
###################################

# Set to a randomly generated 16 bytes string
SECRET_KEY=K1OZYJRLMWYNX7

# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.203.0/24

# Main mail domain
DOMAIN=mailu.v5.cn

# Hostnames for this server, separated with commas
HOSTNAMES=mailu.v5.cn

# Postmaster local part (will append the main mail domain)
POSTMASTER=admin

# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
TLS_FLAVOR=letsencrypt
TLS_KEYPAIR_FILENAME=privkey.pem
TLS_CERT_FILENAME=cert.pem

# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
AUTH_RATELIMIT_IP=5/hour

# Authentication rate limit per user (regardless of the source-IP)
AUTH_RATELIMIT_USER=50/day

# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False

###################################
# Optional features
###################################

# Expose the admin interface (value: true, false)
ADMIN=true

# Choose which webmail to run if any (values: roundcube, snappymail, none)
WEBMAIL=roundcube

# Expose the API interface (value: true, false)
API=false

# Dav server implementation (value: radicale, none)
WEBDAV=radicale

# Antivirus solution (value: clamav, none)
ANTIVIRUS=clamav

# Scan Macros solution (value: true, false)
SCAN_MACROS=true

###################################
# Mail settings
###################################

# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=400000000

# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day

# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=

# Will relay all outgoing mails if configured
RELAYHOST=

# Enable fetchmail
FETCHMAIL_ENABLED=true

# Fetchmail delay
FETCHMAIL_DELAY=600

# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+

# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin

# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!

# Maildir Compression
# choose compression-method, default: none (value: gz, bz2)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=

# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
FULL_TEXT_SEARCH=off

###################################
# Web settings
###################################

# Path to redirect / to
WEBROOT_REDIRECT=/webmail

# Path to the admin interface if enabled
WEB_ADMIN=/admin

# Path to the webmail if enabled
WEB_WEBMAIL=/webmail

# Path to the API interface if enabled
WEB_API=

# Website name
SITENAME=测试邮箱

# Linked Website URL
WEBSITE=https://mailu.v5.cn

###################################
# Advanced settings
###################################

# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu

# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12

# Header to take the real ip from
REAL_IP_HEADER=X-Real-IP

# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=172.1.1.180

# choose whether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=

# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=WARNING

# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
#TZ=Etc/UTC
TZ=PRC

# Default spam threshold used for new users
DEFAULT_SPAM_THRESHOLD=80

# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN=7DV0GDJD18PI51ORZY67J**************
```

@nextgens
Contributor

nextgens commented Aug 14, 2023

Thank you for the information. Odds are your Windows installation is not configured to use TLS1.2.

Please ensure you have applied all outstanding updates and if that does not work, follow the steps at:

https://my.kualo.com/knowledgebase/33_windows---configuring-email/1403_how-to-enable-tls-v1.1v1.2-for-windows-78-and-outlook-200720102013.html
https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392
https://manage.accuwebhosting.com/knowledgebase/3008/How-do-you-enable-TLS-1-2-on-Windows-7.html

If none of this works, please visit https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html and send us a screenshot of the "Protocol Features" part of that page.

@maccter
Author

maccter commented Aug 14, 2023

Thank you. Does Mailu support TLS 1.1? How do I configure it?

@nextgens
Contributor

No it does not.

If you want to configure it, you can tweak the settings in the file at /etc/nginx/tls.conf in the front container. You will have to reload the settings using nginx -s reload after applying your changes.

@maccter
Author

maccter commented Sep 5, 2023

Hello, I have set tls.conf and reloaded nginx, but it still does not work! My tls.conf is below:

```
ssl_certificate /certs/letsencrypt/live/mailu/nginx-chain.pem;
ssl_certificate_key /certs/letsencrypt/live/mailu/privkey.pem;

ssl_certificate /certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem;
ssl_certificate_key /certs/letsencrypt/live/mailu-ecdsa/privkey.pem;
ssl_trusted_certificate /etc/ssl/certs/ca-cert-ISRG_Root_X1.pem;

ssl_session_timeout 1d;
ssl_session_tickets off; # this can be removed when we have nginx v1.23.2
ssl_dhparam /conf/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
```

@nextgens
Contributor

nextgens commented Sep 5, 2023

Do you still get the same error in the logs?

@maccter
Author

maccter commented Sep 5, 2023

Yes, it's still the same error:

```
SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 221.226.197.207, server: 0.0.0.0:993
```

@nextgens
Contributor

nextgens commented Sep 5, 2023

Does it work with other clients? (that are not Outlook) If not, can you share the IP address of the server?

"no application protocol" is very weird. The client is not supposed to request one for IMAPS and the server should just disregard what it doesn't know about without making it an error.

Do you have any device that may man-in-the-middle the client and server?

@outbackdingo

I am seeing also a similar error

```
2023/09/27 09:11:45 [error] 18#18: *27163 115.79.143.86 could not be resolved (3: Host not found) while in resolving client address, client: 115.79.143.86, server: 0.0.0.0:465
2023/09/27 09:11:46 [info] 18#18: *27162 peer closed connection in SSL handshake while SSL handshaking, client: 115.79.143.86, server: 0.0.0.0:465
2023/09/27 09:11:46 [info] 12#12: *27155 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:587
2023/09/27 09:11:46 [info] 90#90: *27157 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:143
2023/09/27 09:11:46 [info] 14#14: *27164 client 115.79.143.86:4595 connected to 0.0.0.0:995
2023/09/27 09:11:46 [info] 71#71: *27160 peer closed connection in SSL handshake while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:110
2023/09/27 09:11:46 [info] 89#89: *27154 peer closed connection in SSL handshake while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:143
2023/09/27 09:11:46 [info] 91#91: *27165 client 115.79.143.86:34740 connected to 0.0.0.0:143
2023/09/27 09:11:46 [info] 12#12: *27159 peer closed connection in SSL handshake while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:587
2023/09/27 09:11:46 [info] 34#34: *27161 peer closed connection in SSL handshake while in starttls state, client: 115.79.143.86 using starttls, server: 0.0.0.0:25
2023/09/27 09:11:46 [info] 12#12: *27166 client 115.79.143.86:5107 connected to 0.0.0.0:587
2023/09/27 09:11:46 [error] 12#12: *27166 115.79.143.86 could not be resolved (3: Host not found) while in resolving client address, client: 115.79.143.86, server: 0.0.0.0:587
2023/09/27 09:11:46 [info] 17#17: *27167 client 115.79.143.86:50359 connected to 0.0.0.0:993
2023/09/27 09:11:46 [info] 14#14: *27168 client 115.79.143.86:4618 connected to 0.0.0.0:995
2023/09/27 09:11:46 [info] 17#17: *27167 peer closed connection in SSL handshake while SSL handshaking, client: 115.79.143.86, server: 0.0.0.0:993
2023/09/27 09:11:46 [info] 14#14: *27168 peer closed connection in SSL handshake while SSL handshaking, client: 115.79.143.86, server: 0.0.0.0:995
```

@nextgens
Contributor

@outbackdingo please open a different ticket.

This one is about "SSL routines::no application protocol", you seem to be experiencing "SSL routines::no shared cipher"
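Added example (not part of the thread and not Mailu code): a small triage script that separates the handshake failure reasons distinguished above, so each one is chased with the right evidence. The log lines are constructed samples in the same nginx format, using documentation-range IP addresses, and the `NEXT_STEP` wording is this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the nginx mail-proxy log format quoted in this thread
# (documentation-range IP addresses, not the reporters' clients).
SAMPLE_LOG = """\
2023/01/01 10:00:00 [info] 34#34: *1 client 203.0.113.10:35162 connected to 0.0.0.0:993
2023/01/01 10:00:00 [info] 34#34: *1 SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 203.0.113.10, server: 0.0.0.0:993
2023/01/01 10:00:05 [info] 12#12: *2 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while in starttls state, client: 198.51.100.7 using starttls, server: 0.0.0.0:587
2023/01/01 10:00:06 [info] 17#17: *3 peer closed connection in SSL handshake while SSL handshaking, client: 198.51.100.7, server: 0.0.0.0:993
"""

# Matches both "SSL_do_handshake() failed (...)" and "peer closed connection ..." lines.
EVENT = re.compile(
    r"(?:SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-F]{8}):[^)]*::(?P<reason>[^)]+)\)"
    r"|peer closed connection in SSL handshake)"
    r" while (?P<state>.+?), client: (?P<client>[0-9A-Fa-f.:]+)"
    r"(?: using starttls)?, server: \S+:(?P<port>\d+)")

NEXT_STEP = {
    "no application protocol": "ALPN: capture the ClientHello and read its ALPN protocol list",
    "no shared cipher": "ciphers: compare the client's suites with ssl_ciphers/ssl_protocols",
    "peer closed connection": "client abort: the client gave up, check its TLS settings",
}

def handshake_failures(log_text):
    """Return one dict per failed TLS handshake found in the log text."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # plain connects, resolver errors and other lines
        reason = m["reason"] or "peer closed connection"
        events.append({
            "client": m["client"],
            "port": int(m["port"]),
            "implicit_tls": m["state"] == "SSL handshaking",  # False for STARTTLS ports
            "code": m["code"],                                 # None for client aborts
            "reason": reason,
            "next_step": NEXT_STEP.get(reason, "unclassified: look up the OpenSSL reason"),
        })
    return events

def by_reason(events):
    """Count failures per reason so unrelated problems are not merged into one ticket."""
    return Counter(e["reason"] for e in events)

if __name__ == "__main__":
    for e in handshake_failures(SAMPLE_LOG):
        print(e["client"], e["port"], e["reason"], "->", e["next_step"])
```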

@outbackdingo

> @outbackdingo please open a different ticket.
>
> This one is about "SSL routines::no application protocol", you seem to be experiencing "SSL routines::no shared cipher"

Oddly enough, mine's fixed on a redeploy of the helm charts...

@maccter
Author

maccter commented Nov 17, 2023

Could you share your website's (test.mailu.io) nginx.conf and tls.conf, so that I can refer to them?

@nextgens
Contributor

The config is at https://github.com/Mailu/infra/tree/master

It's different though as we use a reverse proxy

@maccter
Author

maccter commented Nov 27, 2023

微信截图_20231127164343
Hello! I tested with openssl; the error info is in the attachment.
Then I found the error code: https://www.rfc-editor.org/rfc/rfc7301.html

@nextgens
Contributor

Try the same command without -alpn h2 ... as it does not make any sense to try HTTP2 on POP3S.

@maccter
Author

maccter commented Nov 27, 2023

微信截图_20231127170935
Trying the same command without -alpn h2 is OK.

@maccter
Author

maccter commented Nov 27, 2023

I found the error code in: https://www.rfc-editor.org/rfc/rfc7301.html
The TLS extension "application_layer_protocol_negotiation" can cause this error.
微信截图_20231127171229

@nextgens
Contributor

Can you capture the network traffic of what outlook sends please? We need the ClientHello to find out what is going on here.

@maccter
Author

maccter commented Nov 27, 2023

Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
Random: 0ab6c6d214869bfbc3eec49f205e804e297ca4c7ace71c9194a1d68924443ec9
GMT Unix Time: Sep 12, 1975 18:43:30.000000000 中国标准时间
Random Bytes: 14869bfbc3eec49f205e804e297ca4c7ace71c9194a1d68924443ec9
Session ID Length: 32
Session ID: 610adcba7ea9fa2490b646a62b992e5cd29e42bc69d90b905301476751997161
Cipher Suites Length: 158
Cipher Suites (79 suites)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xc0af)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xc0a3)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 (0xc05d)
Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (0xc061)
Cipher Suite: TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 (0xc057)
Cipher Suite: TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (0xc053)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073)
Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c4)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 (0x00c3)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1)
Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d)
Cipher Suite: TLS_RSA_WITH_ARIA_256_GCM_SHA384 (0xc051)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xc0a2)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 (0xc05c)
Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (0xc060)
Cipher Suite: TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 (0xc056)
Cipher Suite: TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (0xc052)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072)
Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00be)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 (0x00bd)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0)
Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c)
Cipher Suite: TLS_RSA_WITH_ARIA_128_GCM_SHA256 (0xc050)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 277
Extension: server_name (len=24) name=webmail.grguser.com
Type: server_name (0)
Length: 24
Server Name Indication extension
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
Extension: supported_groups (len=12)
Type: supported_groups (10)
Length: 12
Supported Groups List Length: 10
Supported Groups (5 groups)
Extension: next_protocol_negotiation (len=0)
Type: next_protocol_negotiation (13172)
Length: 0
Extension: application_layer_protocol_negotiation (len=11)
Type: application_layer_protocol_negotiation (16)
Length: 11
ALPN Extension Length: 9
ALPN Protocol
Extension: encrypt_then_mac (len=0)
Type: encrypt_then_mac (22)
Length: 0
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: signature_algorithms (len=48)
Type: signature_algorithms (13)
Length: 48
Signature Hash Algorithms Length: 46
Signature Hash Algorithms (23 algorithms)
Extension: supported_versions (len=9) TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0
Type: supported_versions (43)
Length: 9
Supported Versions length: 8
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Supported Version: TLS 1.1 (0x0302)
Supported Version: TLS 1.0 (0x0301)
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: key_share (len=38) x25519
Type: key_share (51)
Length: 38
Key Share extension
Extension: padding (len=81)
Type: padding (21)
Length: 81
Padding Data: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[JA4: t13d7912h1_4545bafe73dc_f4b9272caa35]
[JA4_r [truncated]: t13d7912h1_0007,002f,0032,0033,0035,0038,0039,003c,003d,0040,0041,0044,0045,0067,006a,006b,0084,0087,0088,0096,0099,009a,009c,009d,009e,009f,00a2,00a3,00ba,00bd,00be,00c0,00c3,00c4,00ff,1301,1302,1303,c009,c00a,c013,c014]
[JA3 Fullstring [truncated]: 771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49188-49192-107-106-49267-49271-196-195-49162-49172-57-56-136-135-157-49313-49309-49233-61-192-53-132-4919]
[JA3: ff778e396430eda494c7f77fa54fabcd]

@maccter
Author

maccter commented Nov 27, 2023

file_outlook_mail_tls1.2_112301.zip
The attachment has the detailed info.

@nextgens
Contributor

nextgens commented Nov 27, 2023

I am sorry but I am having problems understanding what is going on with the capture here. Which IP address is the outlook client?

I can see some unencrypted pop3 ...

The only SSL transaction that fails with "No application protocol" does not look like it could be outlook: the ALPN is set to http/1.1 and cipher choices suggest that it could be openssl...
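Added example (not part of the thread and not Mailu or nginx code): a minimal Python parser that pulls the SNI, ALPN list, offered versions and cipher suites out of a raw ClientHello record, followed by the RFC 7301 section 3.2 decision that yields `no_application_protocol`. The ClientHello bytes are constructed by `build_client_hello`; the hostname `mail.example.test` and the server-side protocol list passed to `alpn_outcome` are assumptions.

```python
import struct

def build_client_hello(sni, alpn):
    """Constructed sample ClientHello record (not taken from the capture)."""
    ext = lambda t, body: struct.pack("!HH", t, len(body)) + body
    name = sni.encode()
    exts = ext(0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)  # server_name
    plist = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    if plist:
        exts += ext(16, struct.pack("!H", len(plist)) + plist)              # ALPN
    exts += ext(43, b"\x04\x03\x04\x03\x03")       # supported_versions: TLS 1.3, 1.2
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x04\xc0\x2f\x00\x9c\x01\x00"  # two cipher suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

class Reader:
    """Bounds-checked cursor over length-prefixed TLS vectors."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def vec(self, n):                      # n-byte length prefix, then that many bytes
        return Reader(self.take(self.uint(n)))
    def left(self):
        return len(self.data) - self.pos

def parse_client_hello(record):
    rec = Reader(record)
    ctype, _version, hs = rec.uint(1), rec.take(2), rec.vec(2)
    if ctype != 22 or hs.uint(1) != 1:
        raise ValueError("not a TLS ClientHello record")
    ch = hs.vec(3)
    ch.take(2 + 32)                        # legacy_version + random
    ch.vec(1)                              # session id
    suites = ch.vec(2)
    ciphers = [suites.uint(2) for _ in range(suites.left() // 2)]
    info = {"sni": None, "alpn": [], "versions": [], "ciphers": ciphers}
    ch.vec(1)                              # compression methods
    exts = ch.vec(2) if ch.left() else Reader(b"")
    while exts.left():
        etype, body = exts.uint(2), exts.vec(2)
        if etype == 0:                     # server_name
            names = body.vec(2)
            names.take(1)                  # name_type 0 = host_name
            info["sni"] = names.vec(2).data.decode("ascii")
        elif etype == 16:                  # ALPN: list of 1-byte-length names
            protos = body.vec(2)
            while protos.left():
                info["alpn"].append(protos.vec(1).data.decode("ascii"))
        elif etype == 43:                  # supported_versions
            vers = body.vec(1)
            info["versions"] = [vers.uint(2) for _ in range(vers.left() // 2)]
    return info

def alpn_outcome(offered, server_protocols):
    """RFC 7301 section 3.2 decision for a server that has ALPN configured."""
    if not offered:
        return "proceed without ALPN"
    for proto in server_protocols:         # server preference order (assumed)
        if proto in offered:
            return "selected " + proto
    return "fatal alert no_application_protocol(120)"
```

Running the parser on the first handshake record of a capture shows which protocol names the client actually offered, which is the field that tells a mail client apart from a test tool sending `h2` or `http/1.1`.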

@maccter
Author

maccter commented Nov 27, 2023

client: 180.102.32.202
server: 172.21.8.83

@nextgens
Contributor

There is a client connecting to POP3 (port 110) where the transcript reads:

```
+OK POP3 ready
CAPA
+OK Capability list follows
TOP
UIDL
RESP-CODES
PIPELINING
AUTH-RESP-CODE
STLS
.
```

And then the TCP session ends and gets reset.

That could be outlook. Is that what we are looking for?

@maccter
Author

maccter commented Nov 27, 2023

微信截图_20231127182041
The attachment is the openssl ALPN test.

@nextgens
Contributor

Which version of Windows do you run outlook from?

Outlook likely uses Schannel which is updated via windows update.

@maccter
Author

maccter commented Nov 27, 2023

win7 outlook2016

@maccter
Author

maccter commented Nov 27, 2023

When I log in with we work (iOS client), it is still the same error:
https://apps.apple.com/cn/app/%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1/id1087897068

@nextgens
Contributor

Let's do one client at a time please.

Can you post screenshots of how the client is configured?

@maccter
Author

maccter commented Nov 28, 2023

微信图片_20231128104345
Hello, the attachment is the screenshot.

@nextgens
Contributor

I am sorry but this does not make sense to me.

Which client is that? It does not look like win7/outlook2016.

stale bot commented Mar 13, 2024

Issues not for bugs, enhancement requests or discussion go stale after 21 days of inactivity. This issue will be automatically closed after 14 days.
For all metrics refer to the stale.yml file.
Github issues are not meant for user support. For user-support questions, reach out on the matrix support channel.

Mark the issue as fresh by simply adding a comment to the issue.
If this issue is safe to close, please do so now.

@stale stale bot added the status/response_needed Waiting for a response from the author label Mar 13, 2024
@stale stale bot removed the status/response_needed Waiting for a response from the author label Apr 16, 2024
@rvveber

rvveber commented Apr 22, 2024

> I am sorry but this does not make sense to me.
>
> Which client is that? It does not look like win7/outlook2016.

That is probably the Chinese Outlook operated by 21vianet
