[Evolution] REPOST: Bug in TLS for POP3 and IMAP

[Sheldon Hearn <sheldonh clue co za>]

Hi folks,

Anyone have a chance to look at this?

Ciao,
Sheldon.

--- Begin Message ---

• From: Sheldon Hearn <sheldonh clue co za>
• To: evolution lists ximian com
• Subject: Bug in TLS for POP3 and IMAP
• Date: Sat, 23 Apr 2005 22:28:47 +0200

Hi folks,

I think I've encountered a bug in evolution-2.0.3's POP3 TLS handling.

I've configure Evolution to use SSL "Whenever possible", so that it
connects to port 110 and then issues the STLS command.  This works for
SMTP, but for POP3 or IMAP I get:

        Error while Fetching Mail.
        
        Failed to connect to POP server pop.clue.co.za in secure mode:
        SSL negotiations failed.
        
The courier-imapd / courier-pop3d shared log file shows this:

        pop3d: couriertls: accept: error:1408F10B:SSL
        routines:SSL3_GET_RECORD:wrong version number

I've seen posts on other mailing lists that suggest that this error is
caused by a client trying to use SSL2/SSL3 instead of TLS1 after the
STLS command.

I've tested the same account using the following fetchmail
configuration:

        poll pop.clue.co.za protocol pop3
                username sheldonh clue co za
                password XXXXX
                sslproto tls1
                keep

Fetchmail works.  I've attached Ethereal stream dump showing the
difference between Evolution's conversation with the server and
fetchmail's conversation with the server.  In each dump, data from the
client is indented, and everything after STLS is given as an hex dump.

Any ideas?

Ciao,
Sheldon.

+OK Hello there.
    CAPA
+OK Here's what I can do:
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server

--- End Message ---