Bug 1153723 - CVE-2014-3566 POODLE - Enable TLS for SSL Camel connections
Summary: CVE-2014-3566 POODLE - Enable TLS for SSL Camel connections
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: evolution-data-server
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Matthew Barnes
QA Contact: Desktop QE
URL:
Whiteboard:
Duplicates: 1159704
Depends On:
Blocks:
Reported: 2014-10-16 16:12 UTC by Milan Crha
Modified: 2015-03-05 13:33 UTC (History)

Fixed In Version: evolution-data-server-3.8.5-32
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 13:33:52 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0561 0 normal SHIPPED_LIVE evolution-data-server bug fix and enhancement update 2015-03-05 17:08:42 UTC

Description Milan Crha 2014-10-16 16:12:43 UTC
This comes from Fedora bug #1153052, where it is reported that Evolution cannot connect to a mail (like IMAP) server using SSL when the server has the SSL disabled due to the CVE-2014-3566 POODLE (see bug #1152789, even though this is not related to openssl as such).

The Fedora bug contains a fix which can be added into RHEL7 too and fixes an error like:

   Could not connect to 'server:993': Cannot communicate securely with peer:
   no common encryption algorithm(s).

Please note that evolution-data-server in RHEL6 is not affected by this.

Comment 3 Milan Crha 2014-11-03 08:09:26 UTC
*** Bug 1159704 has been marked as a duplicate of this bug. ***

Comment 4 Milan Crha 2014-11-12 15:02:12 UTC
I realized my patch in 3.8.5-30 is missing a very important chunk from the Fedora bug, which makes this non-working. The chunk is added since 3.8.5-32.

(In reply to Milan Crha from comment #0)
> Please note that evolution-data-server in RHEL6 is not affected by this.

This is also not true, IMAP is fine, but POP3, SMTP and NNTP are affected (thanks to Tomas Bzatek, who found it).

Comment 5 William Lovaton 2014-11-12 22:51:05 UTC
I just configured my mail server to not accept SSLv3 and Evolution is sending mail without any problem:

   TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)

Some other Windows clients are using TLSv1.2

But when I disable SSLv3 in Dovecot I'm not able to download my emails through secure POP3:

   dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.11.43.3, lip=10.0.23.8, TLS handshaking: SSL_accept() failed: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number, session=<8DoxN7EHbAAKCysD>

I hope the patch can be backported to Fedora 19 too.

Thanks,

William
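
A way to find which clients are still being turned away after SSLv3 is disabled, using the Dovecot line quoted in comment 5. This is an added example, not part of the original comment or of any Red Hat or Dovecot code; the `triage` function name and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Patterns follow the shape of the Dovecot line quoted in comment 5.
SERVICE_RE = re.compile(r"dovecot: (?P<service>[a-z0-9]+)-login: ")
RIP_RE = re.compile(r"\brip=(?P<rip>[0-9A-Fa-f.:]+)")
TLS_ERR_RE = re.compile(
    r"TLS handshaking: SSL_accept\(\) failed: "
    r"error:(?P<code>[0-9A-Fa-f]+):SSL routines:(?P<func>\w+):(?P<reason>[^,]+)"
)

def triage(lines):
    """Group failed TLS handshakes by OpenSSL reason, counting (service, client IP)."""
    by_reason = defaultdict(Counter)
    for line in lines:
        err = TLS_ERR_RE.search(line)
        if not err:
            continue  # successful logins and unrelated lines are ignored
        svc = SERVICE_RE.search(line)
        rip = RIP_RE.search(line)
        key = (svc.group("service") if svc else "?",
               rip.group("rip") if rip else "?")
        by_reason[err.group("reason").strip()][key] += 1
    return by_reason

SAMPLE = [
    # Line quoted in comment 5:
    "dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, "
    "rip=10.11.43.3, lip=10.0.23.8, TLS handshaking: SSL_accept() failed: "
    "error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number, "
    "session=<8DoxN7EHbAAKCysD>",
    # Constructed lines (not from the bug report):
    "dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, "
    "rip=10.11.43.3, lip=10.0.23.8, TLS handshaking: SSL_accept() failed: "
    "error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number, "
    "session=<constructed1>",
    "dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, "
    "rip=192.0.2.7, lip=10.0.23.8, TLS handshaking: SSL_accept() failed: "
    "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, "
    "session=<constructed2>",
    "dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.9, "
    "lip=10.0.23.8, mpid=4242, TLS, session=<constructed3>",
]

if __name__ == "__main__":
    for reason, clients in triage(SAMPLE).items():
        for (service, rip), count in clients.most_common():
            print(f"{reason}: {service} from {rip} x{count}")
```

Clients listed under "wrong version number" are the ones to check for an unpatched mail client, as opposed to those failing on cipher selection.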

Comment 6 Milan Crha 2014-11-13 05:12:21 UTC
(In reply to William Lovaton from comment #5)
> I just configured my mail server to not accept SSLv3 and Evolution is
> sending mail without any problem:
> ...
> I hope the patch can be backported to Fedora 19 too.

Hello, are you talking about RHEL7 (this bug is filed against RHEL7) or Fedora 19 (you found bug #1153052 as well)?

Comment 7 William Lovaton 2014-11-13 14:02:12 UTC
Hello, you are right, I'm talking about Fedora 19, it's just that bug #1153052 was filed for Fedora 20 and I thought it wouldn't be backported to F19.  But now that I see the same bug for RHEL 7 which has the same version of evolution I decided to share my findings here.  Now I see in the other bug that an update for Fedora 19 has been released, thanks a lot for your help, that was quick.

Comment 8 Darod Zyree 2014-12-10 00:06:09 UTC
Greetings, when can we expect this issue resolved/update to be available on RHEL7?

Comment 9 Milan Crha 2014-12-10 06:24:27 UTC
(In reply to Darod Zyree from comment #8)
> Greetings, when can we expect this issue resolved/update to be available on
> RHEL7?

With the RHEL 7.1 release. Alternatively, as the Fixed In field says,
evolution-data-server-3.8.5-32.

Comment 12 errata-xmlrpc 2015-03-05 13:33:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0561.html
