mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at
http://davmail.sourceforge.net
GNU General Public License v2.0

Support TLS 1.3? #375

Open esabol opened 9 hours ago

esabol commented 9 hours ago

@ifrh wrote:

Okay, it seems to me that DavMail does not support TLS 1.3 - or is there some way to activate TLS 1.3 via the "properties" file?

2024-12-04 23:13:48,607 DEBUG [CaldavConnection-54261] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
[...]
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.client.protocol.RequestAddCookies  - CookieSpec selected: default
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.client.protocol.RequestAuthCache  - Auth cache not set in the context
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection request: [route: {s}->https://OWA-SERVER.DOMAIN.TLD:443][total kept alive: 0; route allocated: 0 of 5; total allocated: 0 of 20]
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection leased: [id: 1][route: {s}->https://OWA-SERVER.DOMAIN.TLD:443][total kept alive: 0; route allocated: 1 of 5; total allocated: 1 of 20]
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.impl.execchain.MainClientExec  - Opening connection {s}->https://OWA-SERVER.DOMAIN.TLD:443
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.DefaultHttpClientConnectionOperator  - Connecting to OWA-SERVER.DOMAIN.TLD/SOME-IP-ADDRESS:443
2024-12-04 23:13:48,752 DEBUG [CaldavConnection-54261] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Connecting socket to OWA-SERVER.DOMAIN.TLD/SOME-IP-ADDRESS:443 with timeout 10000
2024-12-04 23:13:48,814 DEBUG [CaldavConnection-54261] davmail.http.DavGatewaySSLSocketFactory  - createSocket OWA-SERVER.DOMAIN.TLD 443
2024-12-04 23:13:48,814 DEBUG [CaldavConnection-54261] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2024-12-04 23:13:48,824 DEBUG [CaldavConnection-54261] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2024-12-04 23:13:48,824 DEBUG [CaldavConnection-54261] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Starting handshake
2024-12-04 23:13:48,897 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.DefaultManagedHttpClientConnection  - http-outgoing-2: Shutdown connection
2024-12-04 23:13:48,948 DEBUG [CaldavConnection-54261] org.apache.http.impl.execchain.MainClientExec  - Connection discarded
2024-12-04 23:13:48,948 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection released: [id: 1][route: {s}->https://OWA-SERVER.DOMAIN.TLD:443][total kept alive: 0; route allocated: 0 of 5; total allocated: 0 of 20]
2024-12-04 23:13:48,948 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection manager is shutting down
2024-12-04 23:13:48,957 DEBUG [CaldavConnection-54261] org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection manager shut down
2024-12-04 23:13:48,957 ERROR [CaldavConnection-54261] davmail.exchange.ExchangeSession  - Exchange login exception: Received fatal alert: handshake_failure
2024-12-04 23:13:48,969 ERROR [CaldavConnection-54261] davmail  - Exchange login exception: Received fatal alert: handshake_failure
davmail.exception.DavMailException: Exchange login exception: Received fatal alert: handshake_failure
    at davmail.exchange.auth.ExchangeFormAuthenticator.authenticate(ExchangeFormAuthenticator.java:238)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:208)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:97)
    at davmail.caldav.CaldavConnection.run(CaldavConnection.java:178)

Originally posted by @ifrh in https://github.com/mguessan/davmail/issues/374#issuecomment-2518698578

ifrh commented 8 hours ago

Found some information

I think davmail-6.2.2-3546-windows-standalone\jre\conf\security\java.security could somehow be modified... But I did not get what to change.

esabol commented 2 hours ago

I don't know if it would help or not, but maybe just add , "TLSv1.3" to the SUPPORTED_PROTOCOLS array here: https://github.com/mguessan/davmail/blob/2938a7bc37c280fe072c235914bb8e644d9a18d6/src/java/davmail/http/HttpClientAdapter.java#L75
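
An added diagnostic, not part of the thread and not DavMail code: the log above shows TLS 1.3 cipher suites enabled while the enabled protocols stop at TLSv1.2, so this standalone class prints what the bundled JRE supports, what `java.security` disables, and what a protocol allow-list containing `TLSv1.3` would resolve to. The class name `TlsProtocolCheck` and the `WANTED` list are assumptions made for illustration; run it with the `java` binary from the same `jre` directory that DavMail uses.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class TlsProtocolCheck {
    // Hypothetical allow-list modelled on the suggestion in the thread; not copied from DavMail.
    static final String[] WANTED = {"TLSv1.3", "TLSv1.2"};

    /** Keep only the wanted protocols that this JVM actually implements, in order. */
    static String[] usable(String[] wanted, String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> result = new ArrayList<>();
        for (String protocol : wanted) {
            if (supportedList.contains(protocol)) {
                result.add(protocol);
            }
        }
        return result.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();

        System.out.println("java.version:       " + System.getProperty("java.version"));
        System.out.println("JVM supports:       " + Arrays.toString(supported));
        System.out.println("Enabled by default: " + Arrays.toString(enabled));
        // Read from conf/security/java.security; protocols listed here are not
        // negotiated even when application code enables them.
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        String[] filtered = usable(WANTED, supported);
        System.out.println("Allow-list after filtering: " + Arrays.toString(filtered));
        if (filtered.length == 0) {
            System.out.println("No wanted protocol is implemented by this JVM.");
            return;
        }
        // Apply the list to an unconnected socket to confirm the JVM accepts it; no network traffic.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            socket.setEnabledProtocols(filtered);
            System.out.println("Socket enabled protocols:   "
                    + Arrays.toString(socket.getEnabledProtocols()));
        }
    }
}
```

If `TLSv1.3` is missing from "JVM supports", the runtime itself lacks it and no application-level list will enable it; if it is present there, the restriction to `[TLSv1, TLSv1.1, TLSv1.2]` comes from the client's own configuration.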