GNOME Bugzilla – Bug 739179
[Camel] Enable TLS for SSL connections
Last modified: 2014-10-29 07:02:14 UTC
The error that appears in the dovecot logs on the server is:

Oct 25 11:25:24 bedivere dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=50.46.151.111, lip=66.63.167.143, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<z5PDa0MGDgAyLpdv>

Which means the server can't find a common ssl cipher. I've fixed this for myself by backing the server down to openssl 1.0.1e with the various CVE fixes, but not everyone will have the option of doing this.

What I think needs to happen is for evolution to offer the expanded ssl ciphersuite as choices on the ssl handshake.
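An added example, not part of the original bug thread: Python code that extracts the OpenSSL error from dovecot imap-login lines like the one quoted above, unpacks the numeric code using the OpenSSL 1.0.x layout (8 bits library, 12 bits function, 12 bits reason), and counts failing clients per remote IP so an administrator can see which hosts still need the client-side fix. Every log line except the first is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First line is the entry quoted in the report; the other three are constructed.
SAMPLE_LOG = """\
Oct 25 11:25:24 bedivere dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=50.46.151.111, lip=66.63.167.143, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<z5PDa0MGDgAyLpdv>
Oct 25 11:25:31 bedivere dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=50.46.151.111, lip=66.63.167.143, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<constructed0001>
Oct 25 11:26:02 bedivere dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=66.63.167.143, TLS, session=<constructed0002>
Oct 25 11:27:40 bedivere dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=198.51.100.7, lip=66.63.167.143, TLS handshaking: Connection closed, session=<constructed0003>
"""

# Matches only handshake failures that carry an OpenSSL error string.
HANDSHAKE_RE = re.compile(
    r"rip=(?P<rip>[0-9a-fA-F.:]+),.*?TLS handshaking: SSL_accept\(\) failed: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^,]+)"
)


def unpack_error(code_hex):
    """Split an OpenSSL 1.0.x packed error code into (lib, func, reason) numbers."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def parse_failures(log_text):
    """Return one dict per failed TLS handshake found in the log text."""
    failures = []
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue  # successful logins and non-OpenSSL disconnects are skipped
        lib_no, func_no, reason_no = unpack_error(m["code"])
        failures.append({
            "rip": m["rip"],
            "lib": (lib_no, m["lib"]),
            "func": (func_no, m["func"]),
            "reason": (reason_no, m["reason"].strip()),
        })
    return failures


def clients_by_reason(log_text, reason="unsupported protocol"):
    """Count handshake failures per remote IP for one OpenSSL reason string."""
    return Counter(f["rip"] for f in parse_failures(log_text)
                   if f["reason"][1] == reason)


if __name__ == "__main__":
    for rip, count in clients_by_reason(SAMPLE_LOG).items():
        print(f"{rip}: {count} handshake(s) rejected, reason 'unsupported protocol'")
```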
Thanks for a bug report. There exists a fix for this, ask your distribution maintainers of the evolution-data-server to include it. Please refer to: https://mail.gnome.org/archives/evolution-list/2014-October/msg00113.html
I'm getting that applied. Since everyone (who noticed) seems to be using the RH patch, what's wrong with putting it upstream in the 3.10 fixes branch so it propagates everywhere without them having to discover and diagnose the issue? Your resolution is also flawed. This can only be marked FIXED if it is actually fixed upstream ... otherwise you'll really confuse everyone. If the intention is to force all distributions to download the RH patch, then the issue should probably be WONTFIX.
I wrote my point of view at the message list: https://mail.gnome.org/archives/evolution-hackers/2014-October/msg00016.html Limited man power is limited man power. This is fixed for 3.12, the *current* stable version. 3.10 is obsolete these days.
Created attachment 289562: eds patch for 3.10.x-
for evolution-data-server; A patch for 3.10.x and earlier versions to fix the TLS/SSL issue from the downstream bug report. Distributions can add it on their own.