pimalaya / himalaya

CLI to manage emails
https://pimalaya.org
MIT License

Handshake failure #493

Open iojea opened 3 weeks ago

iojea commented 3 weeks ago

Hi,

Since you are testing v1.0.0 I am coming back with this issue. Today I was able to build the master branch from source (something that had failed in all my previous attempts). But I am still unable to access my university account. My config.toml looks like this:

[accounts.dm]
default = true
email = "iojea@dm.uba.ar"
display-name = "Ignacio Ojea"
downloads-dir = "~/Downloads"
backend = "imap"
message.send.backend = "smtp"
imap.host = "imap.dm.uba.ar"
imap.port = 993
imap.encryption = "tls"
imap.login = "iojea"
imap.passwd.command = "pass show iojea/DM"
smtp.host = "smtp.dm.uba.ar"
smtp.port = 587
smtp.encryption = "tls"
smtp.login = "iojea"
smtp.passwd.command = "pass show iojea/DM"

When I run himalaya I am asked for my pass password, and when I type it I get the following error. This has not changed with respect to v0.9.0.

 WARN cannot build imap session: cannot connect to imap server, attempt (1)    
 WARN cannot build imap session: cannot connect to imap server, attempt (2)    
 WARN cannot build imap session: cannot connect to imap server, attempt (3)    
 WARN cannot build imap session after 3 attempts, aborting    
Error: 
   0: cannot connect to imap server
   1: IO error: received fatal alert: HandshakeFailure

Note: Run with --debug to enable logs with spantrace.
Note: Run with --trace to enable verbose logs with backtrace.

The output of himalaya --debug is:

2024-11-01T13:22:05.134607Z  INFO executing list envelopes command
2024-11-01T13:22:05.134820Z DEBUG running single command: pass show iojea/DM    
2024-11-01T13:22:05.298842Z  INFO building new imap context    
2024-11-01T13:22:05.298883Z DEBUG creating session using login and password    
2024-11-01T13:22:05.301615Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:22:05.301805Z DEBUG Not resuming any session    
2024-11-01T13:22:05.307519Z  WARN cannot build imap session: cannot connect to imap server, attempt (1)    
2024-11-01T13:22:05.307567Z DEBUG creating session using login and password    
2024-11-01T13:22:05.308678Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:22:05.309879Z DEBUG Not resuming any session    
2024-11-01T13:22:05.314075Z  WARN cannot build imap session: cannot connect to imap server, attempt (2)    
2024-11-01T13:22:05.314104Z DEBUG creating session using login and password    
2024-11-01T13:22:05.315863Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:22:05.316616Z DEBUG Not resuming any session    
2024-11-01T13:22:05.325273Z  WARN cannot build imap session: cannot connect to imap server, attempt (3)    
2024-11-01T13:22:05.325313Z DEBUG creating session using login and password    
2024-11-01T13:22:05.326110Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:22:05.326204Z DEBUG Not resuming any session    
2024-11-01T13:22:05.332215Z  WARN cannot build imap session after 3 attempts, aborting    
Error: 
   0: cannot connect to imap server
   1: IO error: received fatal alert: HandshakeFailure

Location:
   /build/source/src/backend/mod.rs:638

Note: Run with --trace to enable verbose logs with backtrace.

The output of himalaya --trace is:

2024-11-01T13:23:26.251980Z  INFO executing list envelopes command
2024-11-01T13:23:26.252189Z DEBUG running single command: pass show iojea/DM    
2024-11-01T13:23:26.252771Z TRACE registering event source with poller: token=Token(134759672380800), interests=READABLE | WRITABLE    
2024-11-01T13:23:26.252809Z TRACE registering event source with poller: token=Token(134759677776000), interests=READABLE | WRITABLE    
2024-11-01T13:23:26.252833Z TRACE registering event source with poller: token=Token(134759677776384), interests=READABLE    
2024-11-01T13:23:26.412726Z TRACE deregistering event source from poller    
2024-11-01T13:23:26.412786Z TRACE deregistering event source from poller    
2024-11-01T13:23:26.412799Z TRACE deregistering event source from poller    
2024-11-01T13:23:26.412841Z  INFO building new imap context    
2024-11-01T13:23:26.412849Z DEBUG creating session using login and password    
2024-11-01T13:23:26.415430Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:23:26.415597Z DEBUG Not resuming any session    
2024-11-01T13:23:26.415639Z TRACE Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: 639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a,
                    session_id: 01b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "imap.dm.uba.ar",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 5a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59,
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                    ],
                },
            ),
        },
        encoded: 010000e80303639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a2001b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00205a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59002d0002010100230000,
    },
}    
2024-11-01T13:23:26.421168Z  WARN cannot build imap session: cannot connect to imap server, attempt (1)    
2024-11-01T13:23:26.421253Z DEBUG creating session using login and password    
2024-11-01T13:23:26.422759Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:23:26.422934Z DEBUG Not resuming any session    
2024-11-01T13:23:26.422978Z TRACE Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: a4eb8f8448e56b2a445759150c2e3ef014bb0db98283e4ce6742528e160e8cb1,
                    session_id: 851330c593d9da9690a85a825060abce9cb68e390f2ec20893ba104c147fee5d,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "imap.dm.uba.ar",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 536f7ab28df8dce1f74d76b06869f4f6414599abc5d339a6020f09d39e86534d,
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                    ],
                },
            ),
        },
        encoded: 010000e80303a4eb8f8448e56b2a445759150c2e3ef014bb0db98283e4ce6742528e160e8cb120851330c593d9da9690a85a825060abce9cb68e390f2ec20893ba104c147fee5d0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d0020536f7ab28df8dce1f74d76b06869f4f6414599abc5d339a6020f09d39e86534d002d0002010100230000,
    },
}    
2024-11-01T13:23:26.428105Z  WARN cannot build imap session: cannot connect to imap server, attempt (2)    
2024-11-01T13:23:26.428115Z DEBUG creating session using login and password    
2024-11-01T13:23:26.429195Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:23:26.429282Z DEBUG Not resuming any session    
2024-11-01T13:23:26.429305Z TRACE Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: 54e9a0c80e23622f1b327ee5780527785f55f70ff879c674a406f178c3b9b2cf,
                    session_id: 410acfd4c805a20eb9ab0d7dc93a057fa05e8c435aca5751f53c00ac285595fa,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "imap.dm.uba.ar",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 9bd0d81d46610090fd126f2d0926e47122d0a6aedb9cd2c9cbb8a75af5985a39,
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                    ],
                },
            ),
        },
        encoded: 010000e8030354e9a0c80e23622f1b327ee5780527785f55f70ff879c674a406f178c3b9b2cf20410acfd4c805a20eb9ab0d7dc93a057fa05e8c435aca5751f53c00ac285595fa0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00209bd0d81d46610090fd126f2d0926e47122d0a6aedb9cd2c9cbb8a75af5985a39002d0002010100230000,
    },
}    
2024-11-01T13:23:26.434369Z  WARN cannot build imap session: cannot connect to imap server, attempt (3)    
2024-11-01T13:23:26.434378Z DEBUG creating session using login and password    
2024-11-01T13:23:26.435233Z DEBUG No cached session for DnsName("imap.dm.uba.ar")    
2024-11-01T13:23:26.435332Z DEBUG Not resuming any session    
2024-11-01T13:23:26.435354Z TRACE Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: f0317bb7fe5b67b9c39038d5d5ec2cf959c1f8bda0fb7b868e8be969beb555cd,
                    session_id: 46b41b8ca2df119e2a4b2cd87b5d0731f3d0729c5ab5e4b66c92d0e0b1308094,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "imap.dm.uba.ar",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 3f84deff9f47febef50414d25779c69a0ffaf538a72f316ba9cea71645017722,
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                    ],
                },
            ),
        },
        encoded: 010000e80303f0317bb7fe5b67b9c39038d5d5ec2cf959c1f8bda0fb7b868e8be969beb555cd2046b41b8ca2df119e2a4b2cd87b5d0731f3d0729c5ab5e4b66c92d0e0b13080940014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00203f84deff9f47febef50414d25779c69a0ffaf538a72f316ba9cea71645017722002d0002010100230000,
    },
}    
2024-11-01T13:23:26.440445Z  WARN cannot build imap session after 3 attempts, aborting    
Error: 
   0: cannot connect to imap server
   1: IO error: received fatal alert: HandshakeFailure

Location:
   /build/source/src/backend/mod.rs:638

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                ⋮ 3 frames hidden ⋮                               
   4: himalaya::email::envelope::command::list::ListEnvelopesCommand::execute::{{closure}}::h45c698d3d348ab89
      at <unknown source file>:<unknown line>
   5: tokio::runtime::park::CachedParkThread::block_on::h55e0cb240d0bc81c
      at <unknown source file>:<unknown line>
   6: tokio::runtime::context::runtime::enter_runtime::h07fdf3eeb91a6311
      at <unknown source file>:<unknown line>
   7: tokio::runtime::runtime::Runtime::block_on::hed83e9d496bb757f
      at <unknown source file>:<unknown line>
   8: himalaya::main::h0eefd20397af79ba
      at <unknown source file>:<unknown line>
   9: std::sys_common::backtrace::__rust_begin_short_backtrace::h49ef2140b8710848
      at <unknown source file>:<unknown line>
  10: std::rt::lang_start::{{closure}}::h768a8bc4e460bbc2
      at <unknown source file>:<unknown line>
  11: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h5ec8c9a223df7d15
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/core/src/ops/function.rs:284
  12: std::panicking::try::do_call::h2dcd2c78950ddfec
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:554
  13: std::panicking::try::hce5bc4bcb0fe9f5d
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:518
  14: std::panic::catch_unwind::hb71ed5db6f0535df
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panic.rs:142
  15: std::rt::lang_start_internal::{{closure}}::h02e44d6341d8a0e0
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/rt.rs:148
  16: std::panicking::try::do_call::h607b189d049eee65
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:554
  17: std::panicking::try::h419673dfebc39c5d
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:518
  18: std::panic::catch_unwind::hdab4b753f5ca84c0
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panic.rs:142
  19: std::rt::lang_start_internal::hc5ae2f59965906d9
      at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/rt.rs:148
  20: main<unknown>
      at <unknown source file>:<unknown line>

I don't know what causes this issue, but I have successfully configured other mail clients with essentially the same config. I hope this can be fixed... Thanks!
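Added example, not part of the original report and not himalaya or rustls code: a decoder for the hex `encoded:` ClientHello from the trace above (attempt 1), recovering the offer that has to be compared with what a server accepts when it answers with a fatal `HandshakeFailure` alert. The names `parse_client_hello` and `overlap` and the legacy server profile are assumptions made for the illustration; the page does not say what `imap.dm.uba.ar` supports.

```python
# Names mirror the rustls trace on this page; code points are IANA TLS registry values.
VERSIONS = {0x0301: "TLSv1_0", 0x0302: "TLSv1_1", 0x0303: "TLSv1_2", 0x0304: "TLSv1_3"}
SUITES = {
    0x1301: "TLS13_AES_128_GCM_SHA256", 0x1302: "TLS13_AES_256_GCM_SHA384",
    0x1303: "TLS13_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
GROUPS = {0x001D: "X25519", 0x0017: "secp256r1", 0x0018: "secp384r1"}
EXTENSIONS = {0: "ServerName", 5: "CertificateStatusRequest", 10: "NamedGroups",
              11: "EcPointFormats", 13: "SignatureAlgorithms", 16: "Protocols",
              23: "ExtendedMasterSecretRequest", 35: "SessionTicket",
              43: "SupportedVersions", 45: "PresharedKeyModes", 51: "KeyShare"}

# ClientHello of attempt (1), copied from the `encoded:` field of the --trace output.
ENCODED = (
    "010000e80303"
    "639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a"  # random
    "20" "01b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb"  # session id
    "0014" "130213011303c02cc02bcca9c030c02fcca800ff"  # cipher suites
    "0100" "008b"  # compression methods, extensions length
    "002b00050403040303" "000b00020100" "000a00080006001d00170018"
    "000d00140012050304030807080608050804060105010401"
    "00170000" "000500050100000000"
    "0000001300110000" "0e696d61702e646d2e7562612e6172"  # server_name
    "003300260024001d0020"
    "5a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59"  # key share
    "002d00020101" "00230000"
)


class Reader:
    """Bounds-checked cursor, so a truncated log line fails loudly."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def remaining(self):
        return len(self.data) - self.pos

    def take(self, n):
        if n > self.remaining():
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vector(self, length_bytes):
        """Read a length-prefixed TLS vector and return a Reader over its body."""
        return Reader(self.take(self.uint(length_bytes)))

    def u16_names(self, table):
        out = []
        while self.remaining():
            code = self.uint(2)
            out.append(table.get(code, f"0x{code:04x}"))
        return out


def parse_client_hello(encoded_hex):
    msg = Reader(bytes.fromhex(encoded_hex))
    if msg.uint(1) != 1:
        raise ValueError("not a ClientHello handshake message")
    body = msg.vector(3)
    hello = {"legacy_version": body.vector(0).u16_names(VERSIONS) or
             VERSIONS.get(v := body.uint(2), f"0x{v:04x}")}
    body.take(32)   # random
    body.vector(1)  # legacy session id
    hello["cipher_suites"] = body.vector(2).u16_names(SUITES)
    body.vector(1)  # compression methods
    hello["extensions"] = []
    exts = body.vector(2) if body.remaining() else Reader(b"")
    while exts.remaining():
        ext_type, data = exts.uint(2), exts.vector(2)
        hello["extensions"].append(EXTENSIONS.get(ext_type, f"0x{ext_type:04x}"))
        if ext_type == 43:
            hello["supported_versions"] = data.vector(1).u16_names(VERSIONS)
        elif ext_type == 10:
            hello["groups"] = data.vector(2).u16_names(GROUPS)
        elif ext_type == 0:
            entry = data.vector(2)
            entry.uint(1)  # name type (host_name)
            hello["server_name"] = entry.vector(2).data.decode("ascii")
    return hello


def overlap(hello, server_versions, server_suites):
    """Versions and suites from the offer that a given server profile also accepts."""
    offered = hello.get("supported_versions", [hello["legacy_version"]])
    versions = [v for v in offered if v in server_versions]
    # The SCSV is a signalling value, not a suite that can be selected.
    suites = [s for s in hello["cipher_suites"]
              if s in server_suites and s != "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
    return versions, suites


# Constructed server profile for illustration only (not taken from the page).
LEGACY_VERSIONS = {"TLSv1_0", "TLSv1_2"}
LEGACY_SUITES = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}

if __name__ == "__main__":
    offer = parse_client_hello(ENCODED)
    for key, value in offer.items():
        print(f"{key}: {value}")
    print("shared with constructed legacy profile:", overlap(offer, LEGACY_VERSIONS, LEGACY_SUITES))
```

An empty suite list from `overlap` means the two sides have nothing to negotiate, which is the condition a server reports with `handshake_failure`; the server's real capabilities have to be obtained separately before drawing that conclusion for a given host.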

soywod commented 2 weeks ago

Sorry for the delay. Looks definitely like a TLS issue, but does not look obvious to me at first glance. When I compare with my logs:

2024-11-05T15:21:43.204043Z TRACE client::build: rustls::client::hs: Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: 8a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2,
                    session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 8e1b0bc03f2ed3c6b1ac776cc205e5b427cdaa000387bcabea59289d7b64183a,
                                },
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "posteo.de",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        Protocols(
                            [
                                ProtocolName(
                                    696d6170,
                                ),
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                    ],
                },
            ),
        },
        encoded: 010000ee03038a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2207686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b0014130213011303c02cc02bcca9c030c02fcca800ff01000091002d00020101003300260024001d00208e1b0bc03f2ed3c6b1ac776cc205e5b427cdaa000387bcabea59289d7b64183a001700000000000e000c000009706f7374656f2e6465002b00050403040303000a00080006001d0017001800050005010000000000100007000504696d617000230000000d00140012050304030807080608050804060105010401000b00020100,
    },
}    
2024-11-05T15:21:43.223142Z TRACE client::build: rustls::client::hs: Got HRR HelloRetryRequest { legacy_version: TLSv1_2, session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b, cipher_suite: TLS13_AES_256_GCM_SHA384, extensions: [SupportedVersions(TLSv1_3), KeyShare(secp384r1)] }    
2024-11-05T15:21:43.226147Z TRACE client::build: rustls::client::hs: Sending ClientHello Message {
    version: TLSv1_2,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: 8a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2,
                    session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: secp384r1,
                                    payload: 04d07bff18162199be7cb2d7d7981064f36c06764b50689bc05e1e42d03ff05c9d29ab5b5b814e133084fc242e0413ad81dd317fe5405c2ae29027c2ae6dab8656e591d07999d13d2f87a70a885a997745d527d05b968cb1454259b72f80cf054a,
                                },
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "posteo.de",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                            ],
                        ),
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        Protocols(
                            [
                                ProtocolName(
                                    696d6170,
                                ),
                            ],
                        ),
                        SessionTicket(
                            Request,
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                    ],
                },
            ),
        },
    },
}    
2024-11-05T15:21:43.226560Z TRACE client::build: rustls::conn: Dropping CCS    
2024-11-05T15:21:43.253327Z TRACE client::build: rustls::client::hs: We got ServerHello ServerHelloPayload {
    extensions: [
        SupportedVersions(
            TLSv1_3,
        ),
        KeyShare(
            KeyShareEntry {
                group: secp384r1,
                payload: 04e4e9c53dfc83202dcffd679cbf88b468c9b4743d96b21fc64da18153f3a9202e6040dca510efa13527bdd0242c3674b7b858637484910f2ec19608b8f3610971e6f38ca511b17d29934c1d443fee4f3cc61a4efa9967dbe532bbbc0c82c69141,
            },
        ),
    ],
    legacy_version: TLSv1_2,
    random: 5b33236e7196b56beff305c9243278f217996d1d40c42e500c2fdbf2a653e35a,
    session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
    cipher_suite: TLS13_AES_256_GCM_SHA384,
    compression_method: Null,
}    

I notice that your server drops the ClientHello message straight away (due to TLS 1.0?), whereas my server sends a HelloRetryRequest which allows me to try TLS 1.2. I will investigate and let you know.

Does your server support STARTTLS? If so, could you try?

PS: you can now download a pre-built binary from the CI, which saves you from rebuilding the project. This only works if you use the default cargo features!

soywod commented 2 weeks ago

This is the full error: ConnectTls(Custom { kind: InvalidData, error: AlertReceived(HandshakeFailure) }). I will open an issue with rustls and seek help.

soywod commented 2 weeks ago

To summarize: rustls is not compatible with your server. I tried many other crypto providers and none worked. One went a bit further but still failed later on. The last thing I could do is to try with OpenSSL, but I need to refactor too many things first. Let's keep this issue open until I am finally capable of testing with OpenSSL.

iojea commented 2 weeks ago

Ok... Sad news.

Just two comments: 1) if I use start-tls in the config file, himalaya seems to enter a loop of something. Running himalaya --trace I get:

2024-11-06T00:20:50.677849Z  INFO himalaya::email::envelope::command::list: executing list envelopes command
2024-11-06T00:20:50.679704Z DEBUG email::imap: building 1 IMAP clients

And nothing else happens. It looks like it is trying to build the IMAP client forever.

2) The server is supposed to be compatible with TLS 1.2

3) Some time ago I tried meli-email, and I was able to configure it and access my mail. I don't know if meli uses rustls.

Thanks for checking this out!

soywod commented 2 weeks ago

> 1. if I use start-tls in the config file, himalaya seems to enter a loop of something.

It basically means that the server does not support STARTTLS either. The infinite loop is strange, though; I will check whether there is an issue with the retry algorithm.

> The server is supposed to be compatible with TLS 1.2

After investigation from Rustls, it's not a TLS version issue but more of a cipher suite one. Your server seems to only support an old, insecure algorithm (DHE) that is purposefully not handled by Rustls.

> Some time ago I tried meli-email, and I was able to configure it and access my mail. I don't know if meli uses rustls.

If I am not mistaken, meli only supports native-tls. Good news: it confirms the fact that Himalaya would work with native-tls. Bad news: we are still far from supporting it, yet it's the top priority. Here is a mini-roadmap of what is missing:

Stay tuned! I will update this issue every time a new step is done.
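
The cipher suite diagnosis in the comment above can be checked against the trace itself. This is an added example, not code from the thread, Himalaya or rustls: it parses the leading bytes of the `encoded:` ClientHello shown in the trace and intersects the offered suites with a constructed DHE-only server list (`DHE_ONLY_SERVER` and all function names are assumptions).

```rust
// Leading bytes of the `encoded:` ClientHello from the trace above
// (handshake header through compression methods; extensions omitted).
const CLIENT_HELLO_PREFIX: &str = "010000ee0303\
    8a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2\
    207686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b\
    0014130213011303c02cc02bcca9c030c02fcca800ff0100";

// Constructed sample (assumption): a server that only enables finite-field
// DHE suites, listed by IANA ID in server preference order.
const DHE_ONLY_SERVER: [u16; 4] = [0x009f, 0x009e, 0x0039, 0x0033];

fn unhex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 { return None; }
    (0..s.len()).step_by(2)
        .map(|i| u8::from_str_radix(s.get(i..i + 2)?, 16).ok())
        .collect()
}

/// Extract the cipher suite IDs offered in a ClientHello handshake message.
fn offered_suites(msg: &[u8]) -> Option<Vec<u16>> {
    if *msg.first()? != 0x01 { return None; } // handshake type: ClientHello
    let mut pos = 4 + 2 + 32;                  // header, legacy_version, random
    pos += 1 + *msg.get(pos)? as usize;        // session_id length byte + body
    let len = u16::from_be_bytes([*msg.get(pos)?, *msg.get(pos + 1)?]) as usize;
    if len % 2 != 0 { return None; }
    let body = msg.get(pos + 2..pos + 2 + len)?; // None if the message is truncated
    Some(body.chunks(2).map(|c| u16::from_be_bytes([c[0], c[1]])).collect())
}

/// First server-preferred suite that the client also offers, if any.
fn negotiate(server: &[u16], client: &[u16]) -> Option<u16> {
    server.iter().copied().find(|s| client.contains(s))
}

fn main() {
    let hello = unhex(CLIENT_HELLO_PREFIX).expect("valid hex");
    let offered = offered_suites(&hello).expect("well-formed ClientHello");
    println!("client offers: {:04x?}", offered);
    match negotiate(&DHE_ONLY_SERVER, &offered) {
        Some(s) => println!("negotiated 0x{:04x}", s),
        None => println!("no common suite: server replies with a handshake_failure alert"),
    }
}
```

The parsed IDs match the `cipher_suites` list in the trace: only TLS 1.3 and ECDHE suites plus the renegotiation SCSV, so a server restricted to `TLS_DHE_*` suites has nothing to select regardless of the TLS version offered.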