Re: [Evolution] Evolution no longer connects with iCloud IMAP mail

From: Ángel González <angel 16bits net>
To: evolution-list gnome org
Subject: Re: [Evolution] Evolution no longer connects with iCloud IMAP mail
Date: Sun, 12 Oct 2014 13:57:40 +0200

Kevin Taggart wrote:

Hello,

I am experiencing a recent issue with Evolution and iCloud IMAP mail, in
which I can no longer connect via the current settings auto-generated by
Evolution when setting up my iCloud account.

I can send email, just not receive it.

Then it's just a problem with the IMAP connection, and SMTP is not
affected

I am running Evolution 3.10.4 under Ubuntu 14.04 LTS. All other
networking features/functions work correctly, as did Evolution until one
week ago.

If anyone has any ideas, please post them.

When I try to connect, I get the following error:
"Could not connect to 'imap.mail.me.com:993': Cannot communicate
securely with peer: no common encryption algorithm(s)."

It is important to note that this is a recent problem, starting only
last week. Prior to that, I was able to connect just fine using the same
settings.

 
It's possible that they changed their server cipher preferences, and you
don't longer are able to agree on a common one.
Although it seems very strange.

From ssllabs scan, they appear to support:

TLS_RSA_WITH_DES_CBC_SHA (0x9)
WEAK
56
TLS_RSA_WITH_RC4_128_MD5 (0x4) 
128
TLS_RSA_WITH_RC4_128_SHA (0x5) 
128
TLS_RSA_WITH_AES_128_CBC_SHA
(0x2f) 
128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
(0x41) 
128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 
128
TLS_RSA_WITH_AES_128_CBC_SHA256
(0x3c) 
128
TLS_RSA_WITH_AES_128_GCM_SHA256
(0x9c) 
128
TLS_RSA_WITH_3DES_EDE_CBC_SHA
(0xa) 
112
TLS_RSA_WITH_AES_256_CBC_SHA
(0x35) 
256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
(0x84) 
256
TLS_RSA_WITH_AES_256_CBC_SHA256
(0x3d) 
256
TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d) 
256
TLS_RSA_WITH_DES_CBC_SHA (0x9)
WEAK
56


which shouldn't be a problem under Ubuntu 14.04.

I'm not sure which crypto engine is used by evolution, but 
If for instance it was using openssl engine, I would expect them to
agree on TLS_RSA_WITH_AES_256_GCM_SHA384 (result given for OpenSSL
1.0.1h)

As it uses libnss, I would expect something between
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) and
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f).

If you can sniff that connection, we could look at which are being
advertised by your evolution (only the TLS Client Hello is needed,
although a few more packets may be useful too)

References:
- [Evolution] Evolution no longer connects with iCloud IMAP mail
  - From: Kevin Taggart

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]