Kevin Taggart wrote: > Hello, > > I am experiencing a recent issue with Evolution and iCloud IMAP mail, in > which I can no longer connect via the current settings auto-generated by > Evolution when setting up my iCloud account.
> I can send email, just not receive it. Then it's just a problem with the IMAP connection, and SMTP is not affected > I am running Evolution 3.10.4 under Ubuntu 14.04 LTS. All other > networking features/functions work correctly, as did Evolution until one > week ago. > > If anyone has any ideas, please post them. > When I try to connect, I get the following error: > "Could not connect to 'imap.mail.me.com:993': Cannot communicate > securely with peer: no common encryption algorithm(s)." > > It is important to note that this is a recent problem, starting only > last week. Prior to that, I was able to connect just fine using the same > settings. It's possible that they changed their server cipher preferences, and you don't longer are able to agree on a common one. Although it seems very strange. >From ssllabs scan, they appear to support: > TLS_RSA_WITH_DES_CBC_SHA (0x9) > WEAK > 56 > TLS_RSA_WITH_RC4_128_MD5 (0x4) > 128 > TLS_RSA_WITH_RC4_128_SHA (0x5) > 128 > TLS_RSA_WITH_AES_128_CBC_SHA > (0x2f) > 128 > TLS_RSA_WITH_CAMELLIA_128_CBC_SHA > (0x41) > 128 > TLS_RSA_WITH_SEED_CBC_SHA (0x96) > 128 > TLS_RSA_WITH_AES_128_CBC_SHA256 > (0x3c) > 128 > TLS_RSA_WITH_AES_128_GCM_SHA256 > (0x9c) > 128 > TLS_RSA_WITH_3DES_EDE_CBC_SHA > (0xa) > 112 > TLS_RSA_WITH_AES_256_CBC_SHA > (0x35) > 256 > TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > (0x84) > 256 > TLS_RSA_WITH_AES_256_CBC_SHA256 > (0x3d) > 256 > TLS_RSA_WITH_AES_256_GCM_SHA384 > (0x9d) > 256 > TLS_RSA_WITH_DES_CBC_SHA (0x9) > WEAK > 56 > which shouldn't be a problem under Ubuntu 14.04. I'm not sure which crypto engine is used by evolution, but If for instance it was using openssl engine, I would expect them to agree on TLS_RSA_WITH_AES_256_GCM_SHA384 (result given for OpenSSL 1.0.1h) As it uses libnss, I would expect something between TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) and TLS_RSA_WITH_AES_128_CBC_SHA (0x2f). If you can sniff that connection, we could look at which are being advertised by your evolution (only the TLS Client Hello is needed, although a few more packets may be useful too) _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
