Ubuntu
claws-mail package

claws-mail turns off TLS for "SMTP over SSL"

Bug #1445977 reported by Henryk Plötz on 2015-04-19

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	claws-mail (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Ubuntu 14.04 LTS
claws-mail 3.9.3

The claws-mail package of Ubuntu 14.04 LTS has separate code paths for "Use SSL for SMTP connection" and "Use STARTTLS command to start SSL session", with the first of the two disabling all TLS versions. Due to its security vulnerabilities very few SMTP servers still support SSLv3, so the first option is mostly useless now.

The problem is here: http://git.claws-mail.org/?p=claws.git;a=blob;f=src/common/ssl.c;h=113462b37d6299c9807317fcf9da098ef4e87c76;hb=5f224c577a9ab7b8e0a2c1af1148ea1010e50426#l287
Newer versions of claws ship without the entire "'SMTP over SSL' is different from 'STARTTLS'" logic. I realize that you probably don't want to upgrade a package version within the LTS phase. Instead a local patch could just remove the ":-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2" part of that string.

Steps to reproduce:
1. Get a mail account on a server that supports SMTP over SSL/TLS, usually on Port 465 (SSMTP). Make sure that SSL versions 2 and 3 on the server are deactivated.
2. Set up the account in claws-mail, selecting "Send (SMTP)": "[X] Use SSL for SMTP connection" in the "Account->SSL" settings.
3. Try to send mail using that account

Actual results:
(Using claws-mail --debug)
ssl.c:229:waiting for SSL_connect thread...
ssl.c:247:SSL_connect thread returned -12

** (claws-mail:16415): WARNING **: SSL connection failed (A TLS fatal alert has been received.)

** (claws-mail:16415): WARNING **: can't initialize SSL.

** (claws-mail:16415): WARNING **: [20:31:54] SSL handshake failed

** (claws-mail:16415): WARNING **: [20:31:54] Error occurred while sending the message.

Expected results:
The mail should have been sent.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: claws-mail 3.9.3-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-49.83-generic 3.13.11-ckt17
Uname: Linux 3.13.0-49-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.10
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Apr 19 20:32:42 2015
ExecutablePath: /usr/bin/claws-mail
InstallationDate: Installed on 2010-10-27 (1635 days ago)
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
SourcePackage: claws-mail
UpgradeStatus: Upgraded to trusty on 2014-04-22 (362 days ago)

Tags:

Revision history for this message

Henryk Plötz (henryk-ploetzli) wrote on 2015-04-19:

Dependencies.txt Edit (7.4 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (404 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (85.5 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (874 bytes, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-05-10:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in claws-mail (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuclaws-mail package