Re: TLS not working with iOS beta?

On 4 Sep 2019, at 21:35, Jean-Daniel <jddupas@xooloo.com> wrote:

Just a wild guess as I didn’t try to configure Mail on Catalina yet, but it looks like your server only supports ‘DHE-RSA…’ ciphers. I think that modern systems prefers using ECDHE key exchange and would not be surprise if iOS requires it.

Well I got the OpenSSL parts working now, but newer versions still refuses to work after establishing with ECDHE, I just get no login attempts and no user:

imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=55.66.77.88, lip=11.22.33.44, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Regards Henrik

Non working iOS 13

Sep 08 11:25:47 auth: Debug: auth client connected (pid=23934) SeSep 08 11:25:47 auth: Debug: auth client connected (pid=23934)p 08 11:25:47 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 08 11:25:47 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A SeSep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client certificate A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:25:47 imap-login: Debug: SSL: whereSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A =0x2002,Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client certificate A Debug: SSL: where=0x2001, ret=1: SSLv3 flush data Sep 08 1Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A 1:25Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A :Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A 4Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A 11:25:47 imap-login: Debug: SSL alert: close notify Sep 08 11:Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read certificate verify A 25Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A :47 Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A iSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data map-Sep 08 11:25:47 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully SSLv3 write key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: wherSep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully e=0x2001, ret=1:Sep 08 11:25:47 imap-login: Debug: SSL alert: close notify Sep 08 11:25:47 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=55.66.77.88, lip=11.22.33.44, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits), session=<fU+qvQeSGTJb6jE9> SSLvSep 08 11:25:47 imap-login: Debug: SSL alert: close notify

Working MacOS 10.14.6

Sep 08 11:24:09 auth: Debug: auth client connected (pid=23912) Sep 08 11:24:09 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A ep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, reSep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client certificate A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A ep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read certificate verify A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read finished A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data Sep 08 11:24:09 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully