
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hi Bill</p>

    <p>I have an original westnet email address, so that's probably why

      it works for me. At some time in the past I had trouble with

      Westnet's servers and swapped to iiNet. I think that was when

      TLS1.2 became a requirement, and at that time Westnet was the one

      with issues.</p>

    <p>Steve</p>

    <p><br>

    </p>

    <div class="moz-cite-prefix">On 4/12/2022 10:31 am, William

      Kenworthy wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:9a2ff70d-2291-81f2-7c00-1b485483922c@iinet.net.au">

      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

      <p>Hi Steve, <br>

      </p>

      <p>tkx for this - ssl works, but I cant login (getmailrc:

        credential/login error (b'[AUTHENTICATIONFAILED] Authentication

        failed.') even on plain imap). Ive tried pop3SSL (on port 995)

        and IMAPSSL on ports 143 and 993 - I presume my logins are

        restricted to iinet only?  One difference is that the iinet

        server temp temp key is shorter than what I believe my openssl

        version will accept.<br>

      </p>

      <p>SSL differences: (left of the "|" is Westnet, right is iinet)<br>

      </p>

      <p>server Temp Key: ECDH, P-256, 256 bits  |  Server Temp Key: DH,

        1024

bits                                                                       

         <br>

        New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384 |  New, TLSv1.2,

        Cipher is

DHE-RSA-AES256-GCM-SHA384                                                    

         <br>

          Server public key is 2048 bit  |  Server public key is 2048

bit                                                                        

         <br>

        <br>

              Protocol  : TLSv1.2  |      Protocol  :

TLSv1.2                                                                              

         <br>

              Cipher    : ECDHE-RSA-AES256-SHA384  |      Cipher    :

DHE-RSA-AES256-GCM-SHA384                                                            

         <br>

        The above cyphers do exist on my system:</p>

      <p>ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA 

        Enc=AES(256)  Mac=SHA384</p>

      <p>DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA 

        Enc=AESGCM(256) Mac=AEAD<br>

      </p>

      <p><br>

      </p>

      <p>I presume its working for some - but how?<br>

      </p>

      <p>BillK</p>

      <p><br>

      </p>

      <p><br>

      </p>

      <p><br>

      </p>

      <div class="moz-cite-prefix">On 4/12/22 07:15, Steve Boak wrote:<br>

      </div>

      <blockquote type="cite"

        cite="mid:d309bde3-840b-e384-2971-512cd650247c@westnet.com.au">

        <meta http-equiv="Content-Type" content="text/html;

          charset=UTF-8">

        <p>Hi William</p>

        <p>I had this problem using fetchmail, and emailed iiNet support

          (copy below) with my solution. Obviously they haven't managed

          to fix it :-(</p>

        <p><br>

        </p>

        <p>Hi Support</p>

        <p>Did you change the TLS settings on mail.iinet.net.au (POP3)

          on or about Saturday the 5th of November?</p>

        <p>From sometime on the 5th of November, I have been unable to

          retrieve emails from mail.iinet.net.au using POP3 and TLS1,

          getting an error <b>mail.iinet.net.au: upgrade to TLS failed.</b></p>

        <p>Changing to TLS1.2 also doesn't work on mail.iinet.net.au,

          with the error <b>OpenSSL reported: error:141A318A:SSL

            routines:tls_process_ske_dhe:dh key too small</b></p>

        <p>I have finally got email working again by changing to POP3 on

          mail.westnet.com.au, where TLS1.2 is working correctly.</p>

        <p>Hope that helps...</p>

        <p>Steve</p>

        <p><br>

        </p>

        <div class="moz-cite-prefix">On 3/12/2022 9:26 pm, William

          Kenworthy wrote:<br>

        </div>

        <blockquote type="cite"

          cite="mid:7ba134bf-9691-1b08-8c3f-6d76dee24596@iinet.net.au">

          <meta http-equiv="content-type" content="text/html;

            charset=UTF-8">

          <p>Hi, is anyone able to retrieve email from iinet using

            SSL/TLS for either POP3 or IMAP using getmail or fetchmail

            since their changes on the 7th Nov?  I had to remove SSL/TLS

            after this date to get it working - so plain text :(</p>

          <p>I am currently using openssl 1.1.1q, python 3.10.8 and

            getmail.  I was originally using fetchmail but that didn't

            work either.  The errors vary depending on whether POP3 is

            used (something like dh too short) to unknown SSL version

            for IMAP (even when specifying TLS1.2) on ports 143 or 993. 

            Testing using openssl s_client doesn't give any clues. <br>

          </p>

          <p>BillK</p>

          <p><br>

          </p>

          <br>

          <fieldset class="moz-mime-attachment-header"></fieldset>

          <pre class="moz-quote-pre" wrap="">_______________________________________________

PLUG discussion list: <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:plug@plug.org.au" moz-do-not-send="true">plug@plug.org.au</a>

<a class="moz-txt-link-freetext" href="http://lists.plug.org.au/mailman/listinfo/plug" moz-do-not-send="true">http://lists.plug.org.au/mailman/listinfo/plug</a>

Committee e-mail: <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:committee@plug.org.au" moz-do-not-send="true">committee@plug.org.au</a>

PLUG Membership: <a class="moz-txt-link-freetext" href="http://www.plug.org.au/membership" moz-do-not-send="true">http://www.plug.org.au/membership</a></pre>

        </blockquote>

        <pre class="moz-signature" cols="72">-- 

Steve Boak, VK6HSB

0411 255 789

P.O. Box 240, Nannup, WA 6275</pre>

        <br>

        <fieldset class="moz-mime-attachment-header"></fieldset>

        <pre class="moz-quote-pre" wrap="">_______________________________________________

PLUG discussion list: <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:plug@plug.org.au" moz-do-not-send="true">plug@plug.org.au</a>

<a class="moz-txt-link-freetext" href="http://lists.plug.org.au/mailman/listinfo/plug" moz-do-not-send="true">http://lists.plug.org.au/mailman/listinfo/plug</a>

Committee e-mail: <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:committee@plug.org.au" moz-do-not-send="true">committee@plug.org.au</a>

PLUG Membership: <a class="moz-txt-link-freetext" href="http://www.plug.org.au/membership" moz-do-not-send="true">http://www.plug.org.au/membership</a></pre>

      </blockquote>

      <br>

      <fieldset class="moz-mime-attachment-header"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

PLUG discussion list: <a class="moz-txt-link-abbreviated" href="mailto:plug@plug.org.au">plug@plug.org.au</a>

<a class="moz-txt-link-freetext" href="http://lists.plug.org.au/mailman/listinfo/plug">http://lists.plug.org.au/mailman/listinfo/plug</a>

Committee e-mail: <a class="moz-txt-link-abbreviated" href="mailto:committee@plug.org.au">committee@plug.org.au</a>

PLUG Membership: <a class="moz-txt-link-freetext" href="http://www.plug.org.au/membership">http://www.plug.org.au/membership</a></pre>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Steve Boak, VK6HSB

0411 255 789

P.O. Box 240, Nannup, WA 6275</pre>

  </body>

</html>