[Evolution] Bug#765838: Evolution is not able to use TLSv1 or higher (only SSLv3)

Nicolas DEFFAYET nicolas at deffayet.com
Sat Oct 18 15:43:08 UTC 2014


Package: evolution-data-server
Version: 3.4.4-3
Severity: critical


Issue
-----

Evolution is not able to use TLSv1 or higher (only SSLv3) when
configuring an IMAP account with SSL on port 993.

On the server side, when SSLv3 is disabled in the Dovecot configuration,
the Evolution client can't connect:
TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

See https://bugzilla.redhat.com/show_bug.cgi?id=1153052 for more
details.

Many service providers disable SSLv3 on their servers due to the security
hole in SSLv3 (CVE-2014-3566 - POODLE vulnerability).


Where is the bug?
-----------------

From evolution-data-server-3.4.4/camel/camel-network-service.c
---
        switch (method) {
                case CAMEL_NETWORK_SECURITY_METHOD_NONE:
                        stream = camel_tcp_stream_raw_new ();
                        break;

                case CAMEL_NETWORK_SECURITY_METHOD_STARTTLS_ON_STANDARD_PORT:
                        stream = camel_tcp_stream_ssl_new_raw (
                                session, host,
                                CAMEL_TCP_STREAM_SSL_ENABLE_TLS);
                        break;

                case CAMEL_NETWORK_SECURITY_METHOD_SSL_ON_ALTERNATE_PORT:
                        stream = camel_tcp_stream_ssl_new (
                                session, host,
                                CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 |
                                CAMEL_TCP_STREAM_SSL_ENABLE_SSL3);
                        break;

                default:
                        g_return_val_if_reached (NULL);
        }

---
CAMEL_TCP_STREAM_SSL_ENABLE_TLS is missing after
CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 to allow the use of TLS.


How to fix the issue?
---------------------

Apply the patch in the Red Hat bug report:
https://bugzilla.redhat.com/attachment.cgi?id=947480&action=diff



-- 
Nicolas DEFFAYET
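
A server-side way to confirm which clients are affected, as an added example (not part of the original report or of Evolution's code): it reads the highest protocol version a client offers from the first bytes of its ClientHello. The function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Highest protocol version offered in a ClientHello, as 0xMMmm
 * (0x0300 = SSLv3, 0x0301 = TLS 1.0, 0x0303 = TLS 1.2), or 0 if the
 * buffer is not a recognizable ClientHello. For TLS 1.3 clients this
 * is the legacy field; their real maximum is carried in an extension. */
uint16_t client_hello_max_version(const uint8_t *buf, size_t len)
{
    /* SSLv2-compatible hello: length with high bit set, msg type 1,
     * then the 2-byte version the client can speak. */
    if (len >= 5 && (buf[0] & 0x80) && buf[2] == 0x01)
        return (uint16_t)((buf[3] << 8) | buf[4]);

    /* TLS record: type 22 (handshake), 2-byte record version, 2-byte
     * length; handshake type 1, 3-byte length, 2-byte client_version. */
    if (len >= 11 && buf[0] == 0x16 && buf[1] == 0x03 && buf[5] == 0x01)
        return (uint16_t)((buf[9] << 8) | buf[10]);

    return 0;
}

/* 1 if a server with SSLv3 (and older) disabled cannot negotiate
 * with this client, which is the failure described in the report. */
int rejected_without_sslv3(const uint8_t *buf, size_t len)
{
    uint16_t v = client_hello_max_version(buf, len);
    return v != 0 && v <= 0x0300;
}

/* Constructed samples: only the leading header bytes of each hello. */
static const uint8_t hello_sslv3[]  = {0x16, 0x03, 0x00, 0x00, 0x2d,
                                       0x01, 0x00, 0x00, 0x29, 0x03, 0x00};
static const uint8_t hello_tls12[]  = {0x16, 0x03, 0x01, 0x00, 0x2d,
                                       0x01, 0x00, 0x00, 0x29, 0x03, 0x03};
static const uint8_t hello_v2compat[] = {0x80, 0x2e, 0x01, 0x03, 0x00};

int main(void)
{
    printf("sslv3-only:  0x%04x rejected=%d\n",
           client_hello_max_version(hello_sslv3, sizeof hello_sslv3),
           rejected_without_sslv3(hello_sslv3, sizeof hello_sslv3));
    printf("tls1.2:      0x%04x rejected=%d\n",
           client_hello_max_version(hello_tls12, sizeof hello_tls12),
           rejected_without_sslv3(hello_tls12, sizeof hello_tls12));
    return 0;
}
```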


