[Kde-pim] Review Request: Add SSL protocol version fallback for IMAP servers not supporting it correctly
Stefan Brüns
stefan.bruens at rwth-aachen.de
Thu Nov 1 00:41:04 GMT 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/107099/
-----------------------------------------------------------
(Updated Nov. 1, 2012, 12:41 a.m.)
Review request for KDEPIM-Libraries, Kevin Ottens, Dawit Alemayehu, and Thiago Macieira.
Changes
-------
added thiago and adawit to comment on the issue raised by ervin (solve it globally in KTcpSocket)
Description
-------
Normally any server greeted with an TLS1.2 (protocol version 03.03) ClientHello should answer with an ServerHello indicating the highest common version. Unfortunately there are some servers out there not doing this, exiting with an fatal TLS alert.
In this case, try again with TLS1.0, SSLv3 and SSLv2.
This happens as openSSL 1.0.1 supports TLS1.1/1.2, which will be used if KTcpSocket::AnySslVersion is used. openSSL <= 1.0.0 only supports TLS1.0, so this not an issue then.
This patch only adds this behaviour to the "normal" imap ressource, but something similar is also needed in the server setup dialog.
Something similar is done in the TCP ioslave, see https://git.reviewboard.kde.org/r/103610/
This addresses bug 306964.
http://bugs.kde.org/show_bug.cgi?id=306964
Diffs
-----
kimap/sessionthread.cpp a1bd0502a3f488fbe7b7ae8013544a00012a0ea3
kimap/sessionthread_p.h 672c418733e12ba39b81ee0193d0dd03d395ce0c
Diff: http://git.reviewboard.kde.org/r/107099/diff/
Testing
-------
Thanks,
Stefan Brüns
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list