support for starttls

Johannes Stezenbach js at sig21.net
Fri Apr 8 17:57:33 BST 2011


Hi,

On Tue, Apr 05, 2011 at 11:26:33PM +0200, dtk wrote:
> FWIW I attached some wireshark dumps.

I looked at your dumps and it seems to me like your Python ssl
support is buggy.  Maybe you can try with a different Python and/or
openssl version.

FWIW, you can make wireshark decode the TLS handshake
by right-clicking on the first packet after the STARTTLS
"Response: OK Begin TLS negotiation now", then
"Decode As...", then on the Transport tab choose
"TCP _both_ ports as _SSL_".

Your client announces TLSv1 protocol version, which the
server accepts, but then the client errors with
"wrong protocol version", or just stops responding.
Doesn't make sense to me.

Can you connect using openssl s_client?

openssl s_client -connect <host>:143 -starttls imap -crlf -tls1

If that works and your openssl uses the same libcrypto.so/libssl.so
as Python's ssl module, then maybe the latter has an issue.

You could try to edit imaplib2.py to change
the ssl.wrap_socket() call in starttls() to add
"ssl_version=ssl.PROTOCOL_TLSv1" as last parameter.
However, since the TLSv1 Client Hello in your pcap dumps
already announces TLSv1 I'm not sure this will help.
Worth a try anyway.


HTH,
Johannes
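
Added example, not part of the original message or of imaplib2: a small Python parser that reads the protocol versions out of the ClientHello and ServerHello records Wireshark shows after the "Decode As" step, so the offered and chosen versions can be compared directly. The function names and sample records are constructed for illustration; the comparison assumes the TLS 1.2-and-earlier rule that the server picks a version no higher than the client's.

```python
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
HELLO = {1: "ClientHello", 2: "ServerHello"}

def parse_hello(record):
    """Return (hello_kind, record_version, hello_version) from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 22:  # 22 = handshake; 21 would be an alert
        raise ValueError("not a handshake record: type %d" % content_type)
    body = record[5:5 + length]
    if len(body) != length or length < 6:
        raise ValueError("truncated handshake message")
    if body[0] not in HELLO:
        raise ValueError("not a hello message: type %d" % body[0])
    # body[1:4] is the 24-bit handshake length; the version field follows it
    (hello_version,) = struct.unpack("!H", body[4:6])
    return HELLO[body[0]], record_version, hello_version

def check_versions(client_record, server_record):
    """Compare the client's offered maximum with the server's choice."""
    ckind, _, offered = parse_hello(client_record)
    skind, _, chosen = parse_hello(server_record)
    if (ckind, skind) != ("ClientHello", "ServerHello"):
        raise ValueError("expected ClientHello then ServerHello")
    name = lambda v: NAMES.get(v, "0x%04x" % v)
    if chosen > offered:
        return "mismatch: server chose %s, client offered at most %s" % (
            name(chosen), name(offered))
    return "consistent: client offered %s, server chose %s" % (
        name(offered), name(chosen))

def sample_hello(kind, version):
    """Constructed sample record (not taken from the pcaps in this thread)."""
    # empty session id, one cipher suite (0x002f), null compression
    tail = b"\x00" + (b"\x00\x02\x00\x2f\x01\x00" if kind == 1 else b"\x00\x2f\x00")
    msg = struct.pack("!H", version) + bytes(32) + tail
    hs = bytes([kind]) + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(check_versions(sample_hello(1, 0x0301), sample_hello(2, 0x0301)))
    print(check_versions(sample_hello(1, 0x0301), sample_hello(2, 0x0303)))
```

A "consistent" result on a handshake that still fails with a protocol version error points at the client-side TLS library rather than at the bytes on the wire.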
