[Kde-pim] Review Request: Add SSL protocol version fallback for IMAP servers not supporting it correctly

Andreas Hartmetz ahartmetz at gmail.com
Fri Nov 2 15:47:01 GMT 2012



> On Oct. 31, 2012, 6:26 a.m., Kevin Ottens wrote:
> > Just wondering, shouldn't that be a behavior to implement in KTcpSocket instead? That would avoid duplicating this logic at several places, and from KTcpSocket user point of view it's really an implementation detail.

For STARTTLS-type SSL startup this can't be done transparently in KTcpSocket. STARTTLS is usually issued when some state has already been established between client and server, which can't be repeated without knowing about protocol details.
We have to thank crappy servers for that ugly layering violation.


- Andreas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/107099/#review21189
-----------------------------------------------------------


On Nov. 2, 2012, 2:31 p.m., Stefan Brüns wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/107099/
> -----------------------------------------------------------
> 
> (Updated Nov. 2, 2012, 2:31 p.m.)
> 
> 
> Review request for KDEPIM-Libraries, Kevin Ottens, Andreas Hartmetz, Dawit Alemayehu, and Thiago Macieira.
> 
> 
> Description
> -------
> 
> Normally any server greeted with an TLS1.2 (protocol version 03.03) ClientHello should answer with an ServerHello indicating the highest common version. Unfortunately there are some servers out there not doing this, exiting with an fatal TLS alert.
> In this case, try again with TLS1.0, SSLv3 and SSLv2.
> 
> This happens as openSSL 1.0.1 supports TLS1.1/1.2, which will be used if KTcpSocket::AnySslVersion is used. openSSL <= 1.0.0 only supports TLS1.0, so this not an issue then.
> 
> This patch only adds this behaviour to the "normal" imap ressource, but something similar is also needed in the server setup dialog.
> 
> Something similar is done in the TCP ioslave, see https://git.reviewboard.kde.org/r/103610/
> 
> 
> This addresses bugs 306964 and 308854.
>     http://bugs.kde.org/show_bug.cgi?id=306964
>     http://bugs.kde.org/show_bug.cgi?id=308854
> 
> 
> Diffs
> -----
> 
>   kimap/sessionthread.cpp a1bd0502a3f488fbe7b7ae8013544a00012a0ea3 
>   kimap/sessionthread_p.h 672c418733e12ba39b81ee0193d0dd03d395ce0c 
> 
> Diff: http://git.reviewboard.kde.org/r/107099/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Stefan Brüns
> 
>

_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/


More information about the kde-pim mailing list