[trojita] connection errors

2020-04-06 Thread David Gessel

Searching for a viable alternative to resource hungry Thunderbird or 
orthdoxy-crippled claws, I stumbled on Trojita for windows. I'd love to give it 
a try, but when it tries to connect to my dovecot server, i get:

Apr 06 03:26:22 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, 
rip=185.106.28.249, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: 
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number, 
session=
Apr 06 03:26:28 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, 
rip=185.106.28.249, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: 
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number, 
session=

SSL connection to port 993.

Is there a ciphersuite limitation?


-David




Re: [trojita] connection errors

2020-04-06 Thread Jan Kundrát

(All, please keep David in Cc, he's not subscribed to the list.)

Searching for a viable alternative to resource hungry 
Thunderbird or orthdoxy-crippled claws, I stumbled on Trojita 
for windows. I'd love to give it a try, but when it tries to 
connect to my dovecot server, i get:


Hi David,
are you building yourself, or is this coming from our Windows build?

I'm asking because our Windows builds are done on a best-effort basis. We 
relied on MinGW packages on Fedora/EPEL, and I have a feeling that these 
are not well maintained :(. I think that nobody from the dev team really 
runs Trojita on Windows on a daily basis (I know I don't).


Apr 06 03:26:22 imap-login: Info: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=185.106.28.249, 
lip=10.3.69.135, TLS handshaking: SSL_accept() failed: 
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version 
number, session=


Yes, this looks like a mismatch in supported ciphers (or perhaps TLS 
protocols?). You could try either relaxing the requirements on the server 
side (while understanding the security implications, which might be tricky; 
presumably there's a reason why your likely rejects some ciphers), or 
building Trojita yourself with an up-to-date OpenSSL.


With kind regards,
Jan

--
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/



Re: [trojita] connection errors

2020-04-06 Thread David Gessel

I'm subscribed now!

On 2020-04-06 13:47, Jan Kundrát wrote:

(All, please keep David in Cc, he's not subscribed to the list.)


Searching for a viable alternative to resource hungry Thunderbird or 
orthdoxy-crippled claws, I stumbled on Trojita for windows. I'd love to give it 
a try, but when it tries to connect to my dovecot server, i get:


Hi David,
are you building yourself, or is this coming from our Windows build?

I'm asking because our Windows builds are done on a best-effort basis. We 
relied on MinGW packages on Fedora/EPEL, and I have a feeling that these are 
not well maintained :(. I think that nobody from the dev team really runs 
Trojita on Windows on a daily basis (I know I don't).


Apr 06 03:26:22 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, 
rip=185.106.28.249, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: 
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number, 
session=


Yes, this looks like a mismatch in supported ciphers (or perhaps TLS 
protocols?). You could try either relaxing the requirements on the server side 
(while understanding the security implications, which might be tricky; 
presumably there's a reason why your likely rejects some ciphers), or building 
Trojita yourself with an up-to-date OpenSSL.


It seems likely.  I am running the following config with dovecot:

ssl = required
ssl_cert = 

With kind regards,
Jan