Package: evolution-data-server
Version: 3.4.4-3
Severity: critical

Issue
-----

Evolution is not able to use TLSv1 or higher (only SSLv3) when
configuring an IMAP account with SSL on port 993.

On the server side, when SSLv3 is disabled in the Dovecot configuration,
the Evolution client can't connect:
TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

See https://bugzilla.redhat.com/show_bug.cgi?id=1153052 for more
details.

Many service providers disable SSLv3 on their servers due to the security
hole in SSLv3 (CVE-2014-3566 - POODLE vulnerability).


Where is the bug?
-----------------

From evolution-data-server-3.4.4/camel/camel-network-service.c
---
        switch (method) {
                case CAMEL_NETWORK_SECURITY_METHOD_NONE:
                        stream = camel_tcp_stream_raw_new ();
                        break;

                case CAMEL_NETWORK_SECURITY_METHOD_STARTTLS_ON_STANDARD_PORT:
                        stream = camel_tcp_stream_ssl_new_raw (
                                session, host,
                                CAMEL_TCP_STREAM_SSL_ENABLE_TLS);
                        break;

                case CAMEL_NETWORK_SECURITY_METHOD_SSL_ON_ALTERNATE_PORT:
                        stream = camel_tcp_stream_ssl_new (
                                session, host,
                                CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 |
                                CAMEL_TCP_STREAM_SSL_ENABLE_SSL3);
                        break;

                default:
                        g_return_val_if_reached (NULL);
        }

---
CAMEL_TCP_STREAM_SSL_ENABLE_TLS is missing after
CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 to allow the use of TLS.


How to fix the issue?
---------------------

Apply the patch from the Red Hat bug report:
https://bugzilla.redhat.com/attachment.cgi?id=947480&action=diff



-- 
Nicolas DEFFAYET
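
Added example (not part of the original report and not evolution-data-server code): a small C model of protocol-version negotiation showing why the flag set quoted in the report fails against a server with SSLv3 disabled, and settles on SSLv3 against a server that still allows it. The flag names come from the report; their bit values, the helper functions and the server policies are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Flag names are from the report; bit values are assumed for this model. */
enum {
    CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 = 1 << 0,
    CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 = 1 << 1,
    CAMEL_TCP_STREAM_SSL_ENABLE_TLS  = 1 << 2
};

/* Hypothetical helper: flags quoted in the report for SSL on port 993. */
static unsigned flags_reported(void) {
    return CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3;
}

/* Hypothetical helper: the same flags with the missing TLS flag added. */
static unsigned flags_with_tls(void) {
    return flags_reported() | CAMEL_TCP_STREAM_SSL_ENABLE_TLS;
}

/* Highest protocol both sides enable, or 0 when no version is shared
 * and the handshake cannot complete. */
static unsigned negotiate(unsigned client, unsigned server) {
    unsigned bit;
    for (bit = CAMEL_TCP_STREAM_SSL_ENABLE_TLS; bit != 0; bit >>= 1)
        if (client & server & bit)
            return bit;
    return 0;
}

static const char *proto_name(unsigned bit) {
    switch (bit) {
    case CAMEL_TCP_STREAM_SSL_ENABLE_TLS:  return "TLS";
    case CAMEL_TCP_STREAM_SSL_ENABLE_SSL3: return "SSLv3";
    case CAMEL_TCP_STREAM_SSL_ENABLE_SSL2: return "SSLv2";
    default:                               return "handshake fails";
    }
}

int main(void) {
    /* Constructed server policies: SSLv3 disabled, and SSLv3 still allowed. */
    unsigned hardened = CAMEL_TCP_STREAM_SSL_ENABLE_TLS;
    unsigned legacy = CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 | CAMEL_TCP_STREAM_SSL_ENABLE_TLS;

    printf("reported flags, hardened server: %s\n", proto_name(negotiate(flags_reported(), hardened)));
    printf("reported flags, legacy server:   %s\n", proto_name(negotiate(flags_reported(), legacy)));
    printf("with TLS flag,  hardened server: %s\n", proto_name(negotiate(flags_with_tls(), hardened)));
    printf("with TLS flag,  legacy server:   %s\n", proto_name(negotiate(flags_with_tls(), legacy)));
    return 0;
}
```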
