Red Hat Bugzilla – Bug 750916
Evolution should offer TLSv1 for IMAPS handshake
Last modified: 2014-01-02 06:09:56 EST
Created attachment 531432 [details] Patch to offer TLSv1 for SSL-based connections to IMAP server Description of problem: The Exchange Servers that I connect to (version 2011) are configured to offer IMAP, but require secure SSL. Apparently the latest versions require TLSv1, as they will disconnect without a reply if TLSv1 is not offered. Version-Release number of selected component (if applicable): evolution-data-server-2.28.3-15.el6 How reproducible: Always Steps to Reproduce: 1. Find a recent Exchange Server that offers IMAPS. Server may have been hardened to require newer/more secure protocols. 2. Set up an IMAP account that connects to the secure port 3. Attempt to send/receive mail Actual results: Exchange Server disconnects. Evolution reports an unexpected disconnect. Expected results: Successful mail retrieval Additional info: Fix is trivial. Patch attached.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.
Thanks for a bug report. Why not just use TLS then? I mean in account preferences, you can choose there to use SSL or TLS, thus use TLS, if server requires it. I was able to connect to exchange 2010 and Exchange 2007 servers, but I do not recall whether it was with SSL, TLS, or even without both of these. Also note of this change [1], which may or may not be related. [1] https://git.gnome.org/browse/evolution-data-server/commit/?id=b1a5cb02bc7412
The TLS option should really be called "STARTLS" because that's the avenue it uses. It assumes that the connection is initially open IMAP and upon receipt of the server greeting it sends the STARTTLS command. This is not the same at all as making TLS an option for establishing secure communications over IMAPS. The referred change only deprecates SSLv2. SSLv3 is the current "best" that Evolution (at least the version used in RHEL6) allows. But Exchange wants TLS.
OK, I'd say we can do it, patch available. We only should make sure that other servers will work with this change as well.
Used change in evolution-data-server-2.32.3-3.el6 covers both IMAP and IMAP+.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-1540.html