Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
SSL/TLS failure for my imap server
728 views
Skip to first unread message
Jean-Pierre Coulon
Aug 31, 2017, 12:23:22 PM8/31/17
to
I obtain the message SSL/TLS failure with the imap server I've been using
for more than 10 years. The reason is "Unexpected TCP input disconnect"
with the suggestion to add /notls to the server name.
If I accept the offer to type C [continue] I am brought back to the main
menu.
If I add /notls to the server name alpine is blocked for about 10 seconds
and I obtain Can't connect to muimapserver,143: Timed out]
This server works fine with another remote computer.
What can have changed?
Bye,
Jean-Pierre Coulon
for more than 10 years. The reason is "Unexpected TCP input disconnect"
with the suggestion to add /notls to the server name.
If I accept the offer to type C [continue] I am brought back to the main
menu.
If I add /notls to the server name alpine is blocked for about 10 seconds
and I obtain Can't connect to muimapserver,143: Timed out]
This server works fine with another remote computer.
What can have changed?
Bye,
Jean-Pierre Coulon
Eduardo Chappa
Aug 31, 2017, 11:40:26 PM8/31/17
to
cipher which the owners of the server consider secure, and your SSL
supports only insecure ciphers.
Have you tried connecting using SSL in port 993 directly instead of TLS in
port 143? Without knowing specific names, I cannot test, but can only
guess.
I hope this helps.
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
Jean-Pierre Coulon
Sep 1, 2017, 12:32:27 AM9/1/17
to
On Thu, 31 Aug 2017, Eduardo Chappa wrote:
> Have you tried connecting using SSL in port 993 directly instead of TLS in
> port 143? Without knowing specific names, I cannot test, but can only guess.
With 993 I obtain indefinitly No reply in 15 seconds from server ... Break
> Have you tried connecting using SSL in port 993 directly instead of TLS in
> port 143? Without knowing specific names, I cannot test, but can only guess.
connection?
My inbox path is {imap-n.oca.eu:993/user=jpcoulon}INBOX
it was {imap-n.oca.eu/ssl/user=jpcoulon}INBOX. I was not using TLS.
Jean-Pierre Coulon
Eduardo Chappa
Sep 1, 2017, 5:42:54 PM9/1/17
to
On Fri, 1 Sep 2017, Jean-Pierre Coulon wrote:
> My inbox path is {imap-n.oca.eu:993/user=jpcoulon}INBOX it was
> {imap-n.oca.eu/ssl/user=jpcoulon}INBOX. I was not using TLS.
Jean-Pierre,
> My inbox path is {imap-n.oca.eu:993/user=jpcoulon}INBOX it was
> {imap-n.oca.eu/ssl/user=jpcoulon}INBOX. I was not using TLS.
there is nothing wrong with the way you used to configure Alpine,if it
is not working is probably because before you stablish the IMAP
connection, you must establish the secure connection, and this one is
failing. This os [rpbably because your server requires that your program
understands the the TLSv1.2 protocol and uses the DHE-RSA-AES256-SHA
cipher. If this is not possible for your client, it is possible that the
server decides to close the connection, because it feels that the client
does not use "secure" (in todays standards) protocols. Invesitgate this
point with your technical support team.
Jean-Pierre Coulon
Sep 2, 2017, 8:40:54 AM9/2/17
to
On Fri, 1 Sep 2017, Eduardo Chappa wrote:
> there is nothing wrong with the way you used to configure Alpine,if it is
> not working is probably because before you stablish the IMAP connection, you
> must establish the secure connection, and this one is failing. This os
> [rpbably because your server requires that your program understands the the
> TLSv1.2 protocol and uses the DHE-RSA-AES256-SHA cipher. If this is not
> possible for your client,
My client is Alpine 2.10. Does it understand the TLSv1.2 protocol?
> there is nothing wrong with the way you used to configure Alpine,if it is
> not working is probably because before you stablish the IMAP connection, you
> must establish the secure connection, and this one is failing. This os
> [rpbably because your server requires that your program understands the the
> TLSv1.2 protocol and uses the DHE-RSA-AES256-SHA cipher. If this is not
> possible for your client,
> it is possible that the server decides to close
> the connection, because it feels that the client does not use "secure"
> (in todays standards) protocols. Invesitgate this point with your
> technical support team.
describe the problem to my imap server admins?
Jean-Pierre Coulon
J.O. Aho
Sep 2, 2017, 9:30:39 AM9/2/17
to
On 09/02/17 14:40, Jean-Pierre Coulon wrote:
> On Fri, 1 Sep 2017, Eduardo Chappa wrote:
>
>> there is nothing wrong with the way you used to configure Alpine,if
>> it is not working is probably because before you stablish the IMAP
>> connection, you must establish the secure connection, and this one is
>> failing. This os [rpbably because your server requires that your
>> program understands the the TLSv1.2 protocol and uses the
>> DHE-RSA-AES256-SHA cipher. If this is not possible for your client,
>
> My client is Alpine 2.10. Does it understand the TLSv1.2 protocol?
Alpine will use the openssl which you have installed on your system, if
> On Fri, 1 Sep 2017, Eduardo Chappa wrote:
>
>> there is nothing wrong with the way you used to configure Alpine,if
>> it is not working is probably because before you stablish the IMAP
>> connection, you must establish the secure connection, and this one is
>> failing. This os [rpbably because your server requires that your
>> program understands the the TLSv1.2 protocol and uses the
>> DHE-RSA-AES256-SHA cipher. If this is not possible for your client,
>
> My client is Alpine 2.10. Does it understand the TLSv1.2 protocol?
you have say 0.9.8 version of openssl, it don't support TLSv1.2.
If you have one of the latest openssl 1.1 something, then some older
ciphers has been disabled as those are insecure.
--
//Aho
Jean-Pierre Coulon
Sep 2, 2017, 9:34:05 AM9/2/17
to
On Sat, 2 Sep 2017, J.O. Aho wrote:
> Alpine will use the openssl which you have installed on your system, if
> you have say 0.9.8 version of openssl, it don't support TLSv1.2.
> If you have one of the latest openssl 1.1 something, then some older
> ciphers has been disabled as those are insecure.
How can I know which openssl is installed on my Windows XP?
> Alpine will use the openssl which you have installed on your system, if
> you have say 0.9.8 version of openssl, it don't support TLSv1.2.
> If you have one of the latest openssl 1.1 something, then some older
> ciphers has been disabled as those are insecure.
Jean-Pierre Coulon
J.O. Aho
Sep 2, 2017, 5:09:27 PM9/2/17
to
person who compiled it.
If it's dynamically built, then you should have an openssl dll, think
you can get some information by right click on it in explorer and select
properties.
--
//Aho
Eduardo Chappa
Sep 2, 2017, 5:17:12 PM9/2/17
to
version of SSL (the one that comes in windows, not the one distributed by
Openssl.org.)
Just four your information, Mozilla has its own ssl code, so it does not
use the system's ssl libraries. It is in my plans to switch PC-Alpine to
use LibreSSL, so we do not have this type of issues in the future, but I
need a computer that runs windows before I can do that. So I am not sure I
can be of much assistance to you at this time.
Ask your techinical support what encryption protocols and ciphers are
supported by their imap server, and if they have deprecated support for
older ones in the last few days. Explain to them that you are using a
program that was compatible with their services and see if they will help
you during this transition or not.
Thank you.
Jean-Pierre Coulon
Sep 3, 2017, 10:37:17 AM9/3/17
to
On Sat, 2 Sep 2017, Eduardo Chappa wrote:
> It is a good question, but that means that your Alpine was compiled with a
> version of SSL (the one that comes in windows, not the one distributed by
> Openssl.org.)
I downloaded the binary from
> It is a good question, but that means that your Alpine was compiled with a
> version of SSL (the one that comes in windows, not the one distributed by
> Openssl.org.)
http://alpine.freeiz.com/alpine/release/alpine-2.20.html
Now I have Alpine 2.20 but the problem remains. Does alpine use an SSL
library present on my computer or is it too late?
> Ask your techinical support what encryption protocols and ciphers are
> supported by their imap server, and if they have deprecated support for
> older ones in the last few days. Explain to them that you are using a
> program that was compatible with their services and see if they will help
> you during this transition or not.
Jean-Pierre Coulon
Eduardo Chappa
Oct 7, 2017, 3:05:05 PM10/7/17
to
On Sun, 3 Sep 2017, Jean-Pierre Coulon wrote:
> I downloaded the binary from
> http://alpine.freeiz.com/alpine/release/alpine-2.20.html Now I have
> Alpine 2.20 but the problem remains. Does alpine use an SSL library
> present on my computer or is it too late?
Jean-Pierre,
> I downloaded the binary from
> http://alpine.freeiz.com/alpine/release/alpine-2.20.html Now I have
> Alpine 2.20 but the problem remains. Does alpine use an SSL library
> present on my computer or is it too late?
I have a version of PC-Alpine that might help you. Contact me off-list
so that I can share it with you. I hope it will help you connect to your
server again.
0 new messages