SSL no shared cipher unable to connect to dovecot imap server #3202
Comments
K-9 Mail uses Android's TLS stack. The only thing we do is blacklist some outdated ciphers and SSLv3. See https://github.com/k9mail/k-9/blob/04f18d8803c1a2f99ddc96c108f2c5e29ce49301/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java If there's a problem it's more likely an issue with your server configuration or Android version than a bug in K-9 Mail.
It is probably an issue with Android 8.0, as the same version of K9 works well on 7.x.
I was wondering if there is anything that can be done internally in K9.
There is no user-configurable behavior for TLS connections in K-9 Mail. And we currently have no plans to work around vendor-specific issues.
Just want to add another me too. I got my new mobile and installed K9 for mailing. My old phone was Android 7 with a different imap-app. My fail2ban rule locked me out from the beginning from my mail server. I will not add ignores for K9 into my firewall settings, so I am dropping K9 until it is fixed. I confirm K9 on Android 7 does produce this error as well (Huawei Nova)!
You might want to reevaluate your fail2ban rule as it is more likely the source of the problem than K9.
Hey,
I was able to get k9 working with dovecot on Android 8. Required a bit of tuning server side but it worked. IIRC creating a new dhparam 4096 fixed it for me.
Cheers,
Aditya
K9 fails to connect to dovecot imap with all levels of ciphers selected from https://mozilla.github.io/server-side-tls/ssl-config-generator/
Server side log :
Expected behavior
K9 should connect to dovecot
Actual behavior
Unable to connect to imap server
Versions
Versions tested: 5.403 from playstore and f-droid
Android version: Oreo 8.0
Phone: Oneplus 5t
Server conf:
Openssl version: 1.0.1t
Dovecot version: 2.1.7
Cipher suites tested:
CDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
Steps to reproduce
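Added example (not part of the original report, and not K-9 Mail or Dovecot code): a simplified model of why a server configured with a long cipher list can still answer "no shared cipher", since each listed suite is only selectable if its key exchange and certificate type are actually available. The capability flags, `CLIENT_OFFER` and all function names are assumptions made for illustration; the suite names are taken from the second list in the report.

```python
# Suite names from the second cipher list in the report (shortened).
SERVER_LIST = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "AES128-GCM-SHA256:AES128-SHA:!DSS"
)
# Constructed client offer (assumption): forward-secret suites only.
CLIENT_OFFER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256",
]
# OpenSSL TLS 1.2 name prefix -> (key exchange, authentication).
# Covers only the prefixes that occur in SERVER_LIST.
PREFIXES = (
    ("ECDHE-ECDSA-", "ECDHE", "ECDSA"),
    ("ECDHE-RSA-", "ECDHE", "RSA"),
    ("DHE-RSA-", "DHE", "RSA"),
)


def parse_suite(name):
    """Return (key_exchange, authentication) for an explicit suite name."""
    for prefix, kx, auth in PREFIXES:
        if name.startswith(prefix):
            return kx, auth
    return "RSA", "RSA"  # no prefix, e.g. AES128-SHA: static RSA key exchange


def usable_suites(cipher_list, cert_key="RSA", dh_params=False,
                  ecdh_curve=False, chacha=False):
    """Suites from the configured list that this server could actually pick.
    All flags are hypothetical server capabilities, not Dovecot settings."""
    available = {"RSA": True, "DHE": dh_params, "ECDHE": ecdh_curve}
    result = []
    for name in cipher_list.split(":"):
        if name.startswith("!") or "-" not in name:
            continue  # exclusion or alias (HIGH, kEDH+AESGCM): not modelled
        kx, auth = parse_suite(name)
        if auth != cert_key or not available[kx]:
            continue  # certificate key type or key-exchange setup missing
        if "CHACHA20" in name and not chacha:
            continue  # TLS library build does not implement the cipher
        result.append(name)
    return result


def negotiate(server_usable, client_offer):
    """First usable server suite the client also offers, else None."""
    return next((s for s in server_usable if s in client_offer), None)
```

With the default flags only the two static-RSA suites remain usable, so the constructed client finds no match; setting `dh_params=True` or `ecdh_curve=True` makes a forward-secret suite selectable.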