[plug] unable to use secure email connection to iinet

Steve Boak sboak at westnet.com.au
Sun Dec 4 10:44:52 AWST 2022 

Hi Bill

I have an original westnet email address, so that's probably why it 
works for me. At some time in the past I had trouble with Westnet's 
servers and swapped to iiNet. I think that was when TLS1.2 became a 
requirement, and at that time Westnet was the one with issues.

Steve


On 4/12/2022 10:31 am, William Kenworthy wrote:
>
> Hi Steve,
>
> tkx for this - ssl works, but I cant login (getmailrc: 
> credential/login error (b'[AUTHENTICATIONFAILED] Authentication 
> failed.') even on plain imap). Ive tried pop3SSL (on port 995) and 
> IMAPSSL on ports 143 and 993 - I presume my logins are restricted to 
> iinet only?  One difference is that the iinet server temp temp key is 
> shorter than what I believe my openssl version will accept.
>
> SSL differences: (left of the "|" is Westnet, right is iinet)
>
> server Temp Key: ECDH, P-256, 256 bits  |  Server Temp Key: DH, 1024 bits
> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384 |  New, TLSv1.2, 
> Cipher is DHE-RSA-AES256-GCM-SHA384
>   Server public key is 2048 bit  |  Server public key is 2048 bit
>
>       Protocol  : TLSv1.2  |      Protocol  : TLSv1.2
>       Cipher    : ECDHE-RSA-AES256-SHA384  |      Cipher    : 
> DHE-RSA-AES256-GCM-SHA384
> The above cyphers do exist on my system:
>
> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA Enc=AES(256)  
> Mac=SHA384
>
> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA Enc=AESGCM(256) 
> Mac=AEAD
>
>
> I presume its working for some - but how?
>
> BillK
>
>
>
>
> On 4/12/22 07:15, Steve Boak wrote:
>>
>> Hi William
>>
>> I had this problem using fetchmail, and emailed iiNet support (copy 
>> below) with my solution. Obviously they haven't managed to fix it :-(
>>
>>
>> Hi Support
>>
>> Did you change the TLS settings on mail.iinet.net.au (POP3) on or 
>> about Saturday the 5th of November?
>>
>> From sometime on the 5th of November, I have been unable to retrieve 
>> emails from mail.iinet.net.au using POP3 and TLS1, getting an error 
>> *mail.iinet.net.au: upgrade to TLS failed.*
>>
>> Changing to TLS1.2 also doesn't work on mail.iinet.net.au, with the 
>> error *OpenSSL reported: error:141A318A:SSL 
>> routines:tls_process_ske_dhe:dh key too small*
>>
>> I have finally got email working again by changing to POP3 on 
>> mail.westnet.com.au, where TLS1.2 is working correctly.
>>
>> Hope that helps...
>>
>> Steve
>>
>>
>> On 3/12/2022 9:26 pm, William Kenworthy wrote:
>>>
>>> Hi, is anyone able to retrieve email from iinet using SSL/TLS for 
>>> either POP3 or IMAP using getmail or fetchmail since their changes 
>>> on the 7th Nov?  I had to remove SSL/TLS after this date to get it 
>>> working - so plain text :(
>>>
>>> I am currently using openssl 1.1.1q, python 3.10.8 and getmail.  I 
>>> was originally using fetchmail but that didn't work either.  The 
>>> errors vary depending on whether POP3 is used (something like dh too 
>>> short) to unknown SSL version for IMAP (even when specifying TLS1.2) 
>>> on ports 143 or 993. Testing using openssl s_client doesn't give any 
>>> clues.
>>>
>>> BillK
>>>
>>>
>>>
>>> _______________________________________________
>>> PLUG discussion list:plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail:committee at plug.org.au
>>> PLUG Membership:http://www.plug.org.au/membership
>> -- 
>> Steve Boak, VK6HSB
>> 0411 255 789
>> P.O. Box 240, Nannup, WA 6275
>>
>> _______________________________________________
>> PLUG discussion list:plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail:committee at plug.org.au
>> PLUG Membership:http://www.plug.org.au/membership
>
> _______________________________________________
> PLUG discussion list:plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail:committee at plug.org.au
> PLUG Membership:http://www.plug.org.au/membership

-- 
Steve Boak, VK6HSB
0411 255 789
P.O. Box 240, Nannup, WA 6275
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20221204/024b73df/attachment.html>

More information about the plug mailing list