For some clarification: this is due to the upgrade to openssl 1.1.1 in bionic-upgrades, which includes TLSv1.3 support. This leads to connections being negotiated als TLSv1.3, and Google's IMAP servers reject the connection (by returning an invalid certificate with a message) if the attempt is not using SNI.
Here is a simple way to reproduce this, without a PHP script or anything:
For some clarification: this is due to the upgrade to openssl 1.1.1 in bionic-upgrades, which includes TLSv1.3 support. This leads to connections being negotiated als TLSv1.3, and Google's IMAP servers reject the connection (by returning an invalid certificate with a message) if the attempt is not using SNI.
Here is a simple way to reproduce this, without a PHP script or anything:
$ apt-get install uw-mailutils googlemail. com:993/ imap/ssl} INBOX"
$ mailutil check "{imap.
This will work if the OpenSSL 1.1.0 library is installed, but fail if 1.1.1 is there:
root@e6e4f3531a 65:/app# mailutil check "{imap. googlemail. com:993/ imap/ssl} INBOX"Certifica te failure for imap.googlemail .com: self signed certificate: /OU=No SNI provided; please fix your client. /CN=invalid2. invalid .com: self signed certificate: /OU=No SNI provided; please fix your client. /CN=invalid2. invalid 65:/app# openssl version
Certificate failure for imap.googlemail
root@e6e4f3531a
OpenSSL 1.1.0g 2 Nov 2017 (Library: OpenSSL 1.1.1 11 Sep 2018)