search

thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/mobile
Apache License 2.0
11.05k stars 2.51k forks source link

error:10000410:ssl (boringssl android 14) pop3/imap #8181

Open itpp16 opened 1 month ago

itpp16 commented 1 month ago

Checklist

App version

Latest 6804 from git (here)

Where did you get the app from?

Other

Android version

14 (security update 1-sep-2024)

Device model

s24 samsung

Steps to reproduce

Any account with pop3/imap. Connect to Dovecot with ssl/tls.

Screenshot_20240929_112004_K-9 Mail

Expected behavior

Success connect.

Actual behavior

See screen shot about boringssl error. (Steps to reproduce)

Logs

error:10000410:ssl routines:openssl_internal:sslv3_alert_handshake_failure (boringssl android 14) see Steps to reproduce.

Dovecot blamed but looks like android problem. https://www.aqua-mail.com/forum/index.php?PHPSESSID=b54gea24qmsouh1qleccqgp9m4&topic=6824.msg41212#msg41212

Stunnel supplies an ARM openssl binary, could this work/be added?

I am aware this may very well be a Google/Android issue with boringssl, but we all know if we waited for a fix we'd be at android v291... It looks to me Stunnel had this issue and supplies an openssl ARM binary (https://www.stunnel.org/downloads/stunnel-latest-android.zip)

Tests done from windows/openssl:

POP (does not work in k9, error:10000410) Windows-test: openssl s_client -connect mail.anon.nl:995 SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES128-SHA Verify return code: 19 (self signed certificate in certificate chain)

+OK Dovecot ready.

IMAP (does not work in k9, error:10000410) Windows-test: openssl s_client -connect mail.anon.nl:993 SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES128-SHA Verify return code: 19 (self signed certificate in certificate chain)

SMTP (StartTLS in k9 for smtp works!) Windows-test: openssl s_client -starttls smtp -connect mail.anon.nl:587 SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Verify return code: 19 (self signed certificate in certificate chain)

250 DSN quit 221 2.0.0 Bye

DeepMac commented 1 month ago

I can attest I experience this same exact error on K-9 6.804 on Android 14 for my Google Pixel 7 pro There's an additional discussion here --> https://forum.k9mail.app/t/k9-broken-after-latest-android-14-update/10037/11 I provided logs there from my ancient IMAP server.

When I run K-9 6.804 on Android 14 on my Samsung Tab S8 however, it works fine. Same IMAP server with same configuration options. Samsung may not have updated Boringssl on that device to the impacted version.