[plug] unable to use secure email connection to iinet

William Kenworthy billk at iinet.net.au
Sun Dec 4 10:31:28 AWST 2022 

Hi Steve,

tkx for this - ssl works, but I cant login (getmailrc: credential/login 
error (b'[AUTHENTICATIONFAILED] Authentication failed.') even on plain 
imap). Ive tried pop3SSL (on port 995) and IMAPSSL on ports 143 and 993 
- I presume my logins are restricted to iinet only?  One difference is 
that the iinet server temp temp key is shorter than what I believe my 
openssl version will accept.

SSL differences: (left of the "|" is Westnet, right is iinet)

server Temp Key: ECDH, P-256, 256 bits  |  Server Temp Key: DH, 1024 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384 |  New, TLSv1.2, Cipher 
is DHE-RSA-AES256-GCM-SHA384
   Server public key is 2048 bit  |  Server public key is 2048 bit

       Protocol  : TLSv1.2  |      Protocol  : TLSv1.2
       Cipher    : ECDHE-RSA-AES256-SHA384  |      Cipher    : 
DHE-RSA-AES256-GCM-SHA384
The above cyphers do exist on my system:

ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256) Mac=SHA384

DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA Enc=AESGCM(256) 
Mac=AEAD


I presume its working for some - but how?

BillK




On 4/12/22 07:15, Steve Boak wrote:
>
> Hi William
>
> I had this problem using fetchmail, and emailed iiNet support (copy 
> below) with my solution. Obviously they haven't managed to fix it :-(
>
>
> Hi Support
>
> Did you change the TLS settings on mail.iinet.net.au (POP3) on or 
> about Saturday the 5th of November?
>
> From sometime on the 5th of November, I have been unable to retrieve 
> emails from mail.iinet.net.au using POP3 and TLS1, getting an error 
> *mail.iinet.net.au: upgrade to TLS failed.*
>
> Changing to TLS1.2 also doesn't work on mail.iinet.net.au, with the 
> error *OpenSSL reported: error:141A318A:SSL 
> routines:tls_process_ske_dhe:dh key too small*
>
> I have finally got email working again by changing to POP3 on 
> mail.westnet.com.au, where TLS1.2 is working correctly.
>
> Hope that helps...
>
> Steve
>
>
> On 3/12/2022 9:26 pm, William Kenworthy wrote:
>>
>> Hi, is anyone able to retrieve email from iinet using SSL/TLS for 
>> either POP3 or IMAP using getmail or fetchmail since their changes on 
>> the 7th Nov?  I had to remove SSL/TLS after this date to get it 
>> working - so plain text :(
>>
>> I am currently using openssl 1.1.1q, python 3.10.8 and getmail.  I 
>> was originally using fetchmail but that didn't work either.  The 
>> errors vary depending on whether POP3 is used (something like dh too 
>> short) to unknown SSL version for IMAP (even when specifying TLS1.2) 
>> on ports 143 or 993. Testing using openssl s_client doesn't give any 
>> clues.
>>
>> BillK
>>
>>
>>
>> _______________________________________________
>> PLUG discussion list:plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail:committee at plug.org.au
>> PLUG Membership:http://www.plug.org.au/membership
> -- 
> Steve Boak, VK6HSB
> 0411 255 789
> P.O. Box 240, Nannup, WA 6275
>
> _______________________________________________
> PLUG discussion list:plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail:committee at plug.org.au
> PLUG Membership:http://www.plug.org.au/membership
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20221204/8e5ff60e/attachment.html>

More information about the plug mailing list