Sebastien, I believe that something on the Yahoo/AOL/etc server side was changed to return a zero length session ticket for older TLS protocols. According to https://gnutls.org/manual/html_node/Session-tickets.html: "A disadvantage of session tickets is that they eliminate the effects of forward secrecy when a server uses the same key for long time. That is, the secrecy of all sessions on a server using tickets depends on the ticket key being kept secret. For that reason server keys should be rotated and discarded regularly. [snip] Under TLS 1.3 session tickets are mandatory for session resumption, and they do not share the forward secrecy concerns as with TLS 1.2 or earlier."
My guess is that they felt this was insecure and return a zero length session ticket as a workaround. If more servers are configured that way this will become a bigger problem including more programs than just Evolution and Claws email clients. RFC5077 states "If the server determines that it does not want to include a ticket after it has included the SessionTicket extension in the ServerHello, then it sends a zero-length ticket in the NewSessionTicket handshake message." A zero length ticket is a legitimate value and should be supported. Testing with the current version of OpenSSL on Ubuntu 18.04.4 (1.1.1-1ubuntu2.1~18.04.5) showed that it is able to handle zero length session tickets and wireshark confirmed that the server returned a zero length ticket with the following command: $ openssl s_client -msg -tls1_2 -connect pop.verizon.net:995 This is the first time I have gone through this process. Please let me know if I missed something or did something wrong. I'm trying to follow the SRU wiki entry: https://wiki.ubuntu.com/StableReleaseUpdates If I'm reading this correctly this bug falls under the last bullet of section "2.1 High-impact bugs" which states "Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar, i. e. where the current version just ceases to work." I believe the following two conditions have been met: 3.1 Check that the bug is fixed in the current development release, and that its bug task is "Fix Released" 3.2 Ensure that the bug report for this issue is public I'm working on 3.3 and modified the description with the first cut at an impact statement. I'm not sure what to put for the [Regression Potential] section. Any help that you can provide will be greatly appreciated! Thanks, Rod ** Description changed: + [Impact] + + Evolution and Claws email clients stopped connecting to Yahoo, AOL, + Verizon, AT&T, Bell South, etc email servers which are run by the same + group. Users are unable to get to their email. + + Nominating for SRU, fulfills: "Updates that need to be applied to Ubuntu + packages to adjust to changes in the environment, server protocols, web + services, and similar, i. e. where the current version just ceases to + work." + [testcase] $ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995 [...] - Status: The certificate is trusted. *** Fatal error: Internal error in memory allocation. - When Evolution checks my verizon.net account it displays the message "Error performing TLS handshake: Internal error in memory allocation" and doesn't download any new email messages. This started happening two days ago shortly after updates were applied. Normally it would download the new email messages. Searching the web I found a Linux Mint forum with users having the same issue. Some users felt it maybe an expired certificate while others thought it might be related to the recent update. What can I do to get more information about this issue? ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: evolution 3.28.5-0ubuntu0.18.04.2 ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18 Uname: Linux 5.3.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.14 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri May 1 07:03:51 2020 InstallationDate: Installed on 2017-12-12 (870 days ago) InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801) ProcEnviron: PATH=(custom, no username) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: evolution UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1876286 Title: Evolution reports "Error performing TLS handshake: Internal error in memory allocation." To manage notifications about this bug go to: https://bugs.launchpad.net/gnutls/+bug/1876286/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
