List: kde-pim
Subject: Re: [Kde-pim] Review Request: Add SSL protocol version fallback for IMAP servers not supporting it c
From: "Andreas Hartmetz" <ahartmetz () gmail ! com>
Date: 2012-11-02 15:51:33
Message-ID: 20121102155133.16540.29638 () vidsolbach ! de
> On Oct. 31, 2012, 6:26 a.m., Kevin Ottens wrote:
> > Just wondering, shouldn't that be a behavior to implement in KTcpSocket instead?
> > That would avoid duplicating this logic at several places, and from a KTcpSocket
> > user's point of view it's really an implementation detail.
>
> Andreas Hartmetz wrote:
> For STARTTLS-type SSL startup this can't be done transparently in KTcpSocket.
> STARTTLS is usually issued when some state has already been established between
> client and server, which can't be repeated without knowing about protocol details.
> We have to thank crappy servers for that ugly layering violation.
What could possibly be done is moving the "version negotiation for broken servers"
(only for connections that start out with SSL) from KIO::TCPSlaveBase to KTcpSocket.
That's more or less unrelated to this patch, though.
- Andreas
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/107099/#review21189
-----------------------------------------------------------
On Nov. 2, 2012, 2:31 p.m., Stefan Brüns wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/107099/
> -----------------------------------------------------------
>
> (Updated Nov. 2, 2012, 2:31 p.m.)
>
>
> Review request for KDEPIM-Libraries, Kevin Ottens, Andreas Hartmetz, Dawit
> Alemayehu, and Thiago Macieira.
>
> Description
> -------
>
> Normally any server greeted with a TLS1.2 (protocol version 03.03) ClientHello
> should answer with a ServerHello indicating the highest common version.
> Unfortunately there are some servers out there not doing this, exiting with a
> fatal TLS alert. In this case, try again with TLS1.0, SSLv3 and SSLv2.
>
> This happens as OpenSSL 1.0.1 supports TLS1.1/1.2, which will be used if
> KTcpSocket::AnySslVersion is used. OpenSSL <= 1.0.0 only supports TLS1.0, so this
> is not an issue then.
> This patch only adds this behaviour to the "normal" imap resource, but something
> similar is also needed in the server setup dialog.
> Something similar is done in the TCP ioslave, see
> https://git.reviewboard.kde.org/r/103610/
>
> This addresses bugs 306964 and 308854.
> http://bugs.kde.org/show_bug.cgi?id=306964
> http://bugs.kde.org/show_bug.cgi?id=308854
>
>
> Diffs
> -----
>
> kimap/sessionthread.cpp a1bd0502a3f488fbe7b7ae8013544a00012a0ea3
> kimap/sessionthread_p.h 672c418733e12ba39b81ee0193d0dd03d395ce0c
>
> Diff: http://git.reviewboard.kde.org/r/107099/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Stefan Brüns
>
>
_______________________________________________
KDE PIM mailing list kde-pim@kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
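
The fallback described in the review request, and the reason given in the reply for why a STARTTLS retry cannot live in the socket class, as an added example that is not code from the patch or from KDE. It is an offline Python simulation; `FakeImapServer`, `connect_with_fallback` and the `floor` parameter (a caller-set lowest version to retry with) are hypothetical names introduced here.

```python
# Constructed, offline simulation: no sockets, no real TLS.
ORDER = ["SSLv2", "SSLv3", "TLS1.0", "TLS1.1", "TLS1.2"]   # oldest to newest
RANK = {name: i for i, name in enumerate(ORDER)}
FALLBACK = ["TLS1.2", "TLS1.0", "SSLv3", "SSLv2"]          # retry order from the description

class FatalAlert(Exception):
    """The server aborted the handshake with a fatal TLS alert."""

class FakeImapServer:
    """Hypothetical server. version_intolerant=True models the broken servers."""
    def __init__(self, server_max, version_intolerant):
        self.server_max = server_max
        self.version_intolerant = version_intolerant
        self.connections = 0

    def connect(self):
        self.connections += 1                  # fresh TCP connection, fresh IMAP state
        return "S: * OK IMAP4rev1 ready"

    def starttls(self, offered):
        if self.version_intolerant and RANK[offered] > RANK[self.server_max]:
            raise FatalAlert(offered)
        # Compliant behaviour: answer with the highest common version.
        return min(offered, self.server_max, key=RANK.get)

def connect_with_fallback(server, floor="SSLv2"):
    """Return (negotiated version or None, transcript of the plaintext phase)."""
    transcript = []
    for offered in FALLBACK:
        if RANK[offered] < RANK[floor]:
            break                              # assumption: caller-set lowest version
        # The alert ends the connection, so the IMAP layer has to reconnect
        # and replay greeting + STARTTLS; a socket class cannot know these steps.
        transcript.append(server.connect())
        transcript.append("C: a1 STARTTLS")
        try:
            return server.starttls(offered), transcript
        except FatalAlert:
            transcript.append(f"S: fatal alert (ClientHello offered {offered})")
    return None, transcript

if __name__ == "__main__":
    broken = FakeImapServer("TLS1.0", version_intolerant=True)
    version, log = connect_with_fallback(broken)
    print(version, broken.connections)
    print("\n".join(log))
```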