<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
</p>
<pre style="white-space: pre-wrap; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">setting "security.tls.version.max" to "2" (TLS 1.1) solved this issue.
Thanks a lot.
Best regards,
Thomas
</pre>
<br>
<div class="moz-cite-prefix">Am 2017-02-14 um 13:49 schrieb Teemu
Pulliainen:<br>
</div>
<blockquote cite="mid:4d8cf7fe-a238-8949-0b77-0fa40f21c0eb@tmu.fi"
type="cite">
<br>
On 02/14/2017 11:30 AM, Gufler, Thomas wrote:
<br>
<blockquote type="cite">Hello,
<br>
<br>
having a interesting problem. I can connect with Thunderbird on
Ubuntu 16.04 to a Kolab server (roundcube works as well) but not
with Thunderbird on Arch or Fedora 25 (to the same system).
<br>
Trying to create an Thunderbird Account on this two systems ends
with an error "Configuration could not be verified - is the
username or password wrong?".
<br>
<br>
In the guam error.log I get:
<br>
<br>
error] <0.89.0> Supervisor
{<0.89.0>,kolab_guam_listener} had child session started
with {kolab_guam_session,start_link,undefined} at
<0.174.0> exit with reason
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
in context child_terminated
<br>
<br>
<br>
I already tried to switch from the certificates in the standard
installation to letsencrypt signed one - but with the same
result.
<br>
<br>
Any ideas?
<br>
<br>
Best regards,
<br>
Thomas
<br>
_______________________________________________
<br>
users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:users@lists.kolab.org">users@lists.kolab.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.kolab.org/mailman/listinfo/users">https://lists.kolab.org/mailman/listinfo/users</a>
<br>
</blockquote>
<br>
Hi,
<br>
<br>
<br>
might have something to do with more recent NSS/TLS 1.3 as
described in <a class="moz-txt-link-freetext" href="https://git.kolab.org/T1775">https://git.kolab.org/T1775</a> and
<a class="moz-txt-link-freetext" href="https://kanarip.wordpress.com/2016/11/04/heads-up-on-nss-3-27-guam/">https://kanarip.wordpress.com/2016/11/04/heads-up-on-nss-3-27-guam/</a>.
<br>
<br>
<br>
I don't think that's the exact same error message I once got (and
according to the bug tracker, T1775 would seem to be fixed on the
Kolab side already). Anyway, you might want to at least test using
TLS 1.1 in Thunderbird as shown in
<a class="moz-txt-link-freetext" href="http://lists.kolab.org/pipermail/users/2016-November/020985.html">http://lists.kolab.org/pipermail/users/2016-November/020985.html</a>.
<br>
<br>
<br>
Assuming you have the same issue with every client on Fedora
25/Arch and not just Thunderbird, you might want to try something
like "openssl s_client -connect yourserver.tld:993 -servername
yourserver.tld" to see if that produces a handshake error as well.
<br>
<br>
<br>
-Teemu
<br>
_______________________________________________
<br>
users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:users@lists.kolab.org">users@lists.kolab.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.kolab.org/mailman/listinfo/users">https://lists.kolab.org/mailman/listinfo/users</a>
<br>
</blockquote>
<br>
</body>
</html>