update-crypto-policies not affecting Gnome Online Accounts

Status changed to 'Confirmed' because the bug affects multiple users.

Thank you for taking the time to report this bug and help make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.

We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.

At a minimum, we need:
1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected.
3. The behavior you actually encountered (in as much detail as possible).

Thanks!

1. The specific steps or actions you took that caused you to encounter the problem.

a. Go to Gnome Online Accounts and add a Google Apps Account (in my case nyu.edu)
b. After entering the email address see the following error:
Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
c. Use update-crypto-policies to change setting to LEGACY and EMPTY then repeating step A
d. Attempted the connection again.

2. The behavior you expected.

I would have expected to be able to connect under LEGACY or EMPTY. Or, alternatively, I would have expected a different error message (since by definition LEGACY would have accepted the shorter prime and EMPTY wouldn't have needed it).

3. The behavior you actually encountered (in as much detail as possible).

See that the error message still talks about "not long enough" in all 3 cases.

If you check the duplicate cases you will see that as of 20.04 connections are failing because of weak crypto. The only workaround is to tell the local system to lower its standards (LEGACY or NONE) until the people running the server get their act together.

But, since the error message remains constant, even when the setting has been changed, it looks like the mechanism running Online Accounts might not be referencing the setting like it should.

Now, it could just as likely be a poorly worded error message.

The following worked for me: see https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1866974/comments/8

The workaround works. Good workaround. Looking forward to an eventual fix.

Could someone report this upstream

https://gitlab.gnome.org/GNOME/gnome-online-accounts/issues/

I just encountered this issue when upgrading from 21.10 to 22.04, not with a google account but with an orange.fr account. Workarounded thanks to #4.

Thunderbird has gotten really balky, so I decided to try Evolution.

Bad News. I have no trouble with Thunderbird, which Autoconfigures accounts nicely, but Evolution pops up this error, so I can NOT set up any accounts and my solution is: I'm NOT changing from Thunderbird. Evolution not working is NOT an option and I am NOT messing around wasting time to try to make it work.

Linux Mint 20.2 Mate 64-bit LiveMedia in ROM (Locked Kanguru USB drive)
Thunderbird 78.8.1 (64-bit)
Evolution 3.36.5-0ubuntu1

Art in Carlisle, PA USA