On Thu, Aug 31, 2017 at 06:38:46PM +0300, Ilias Tsitsimpis wrote: > Hi, > > > OpenSSL responded: > > [SSL: VERSION_TOO_LOW] version too low (_ssl.c:661) > > *** Finished account 'ntlspam' in 0:00 > > If I understand correctly, you tested the above with the latest openssl > (1.1.0f-5), is that right? If so, could you please try and set the > `ssl_version` in offlineimap.conf file to tls1_1 or tls1, accordingly? > This should force offlineimap to use the specified version.
Sorry for the delay. Yes, those options worked. Thank you. I do find the documentation about the tls/ssl options in /usr/share/doc/offlineimap/examples/offlineimap.conf.gz pretty confusing, and had tried various configurations that I thought should have worked. But both ssl_version = tls1 and tls1_1 both worked on my tests on imap.ntlworld.com. For information: $ openssl s_client -connect imap.ntlworld.com:imaps CONNECTED(00000003) --- Certificate chain 0 s:/C=GB/OU=Domain Control Validated/CN=imap.ntlworld.com i:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 1 s:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIHUzCCBjugAwIBAgIMcUncDtUF6SBWgudAMA0GCSqGSIb3DQEBCwUAMEwxCzAJ --[snip]-- -----END CERTIFICATE----- subject=/C=GB/OU=Domain Control Validated/CN=imap.ntlworld.com issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 --- No client certificate CA names sent Server Temp Key: DH, 2048 bits --- SSL handshake has read 3958 bytes and written 518 bytes Verification: OK --- New, SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.1 Cipher : DHE-RSA-AES256-SHA Session-ID: AF2CBF5AFAB05F8023146EACFC3389D060A82228599CF734500D9A77B1AF53CC Session-ID-ctx: Master-Key: 3F9357B6BD33C8C09122855A66F7CEC6F65F9CFA0EA6FED7B9D8C695912BBC8A0184CDB1CBF983DA396D9CDB27997651 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1504551118 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- * OK Virgin Media IMAP4 server ready [ e4c558782NTL ] -------------------------------------------------------------------------------- Thanks again.