support for starttls
Johannes Stezenbach
js at sig21.net
Mon Apr 11 13:44:39 BST 2011
On Mon, Apr 11, 2011 at 01:37:23PM +0200, dtk wrote:
> Excerpts from Daniel Kreischer's message of Sun Apr 10 21:08:55 +0200 2011:
> > > and it seems to me like your Python ssl
> > > support is buggy. Maybe you can try with a different Python and/or
> > > openssl version.
> > hmm, maybe tomorrow at work.
> hmm, same problem here with python 2.6.5 and openssl 0.9.8k[0]
> I obviously have to admit though that those versions aren't too different :/
>
> building python 2.7

What puzzles me is that Python documentation says about ssl_version:

"If not specified, for client-side operation, the default SSL version is SSLv3"
file:///usr/share/doc/python2.6/html/library/ssl.html

Yet in your pcap it sends TLSv1 in the Client Hello. Thus I suspected
your openssl library defaults to TLSv1 while Python's ssl wrapper
thinks it requested SSLv3. But then your test with
ssl_version=ssl.PROTOCOL_TLSv1 should have worked.

Anyway, looking at python2.6.6/Modules/_ssl.c it seems Python
does not do any version checking itself, i.e. it fails inside openssl.

I'm not sure how to debug, but updating openssl might be a good idea:
http://www.openssl.org/news/

HTH
Johannes
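
One way to read the offered protocol version straight out of a capture, as an added example that is not part of the original message or of OfflineIMAP: the function below takes the first bytes the client sends after the plaintext STARTTLS exchange and reports the framing, the record-layer version and the version offered in the Client Hello. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Wire version numbers (major, minor) as they appear in the handshake.
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))

def client_hello_versions(data):
    """Return (framing, record_version, offered_version) for the first bytes
    a client sent; raise ValueError if they are not a Client Hello."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-compatible hello (RFC 5246, Appendix E.2): 2-byte length with
        # the high bit set, message type 1, then the offered version.
        return ("sslv2-compat", None, version_name(data[3], data[4]))
    if len(data) < 11:
        raise ValueError("too short for a TLS record holding a Client Hello")
    ctype, rmaj, rmin, _rlen = struct.unpack("!BBBH", data[:5])
    if ctype != 22:                      # 22 = handshake record
        raise ValueError("not a handshake record (content type %d)" % ctype)
    if data[5] != 1:                     # 1 = client_hello
        raise ValueError("handshake type %d is not client_hello" % data[5])
    # data[6:9] is the 3-byte handshake length; client_version follows it.
    return ("tls-record", version_name(rmaj, rmin),
            version_name(data[9], data[10]))

# Constructed sample: TLS record (version 3.1) carrying a Client Hello
# that offers 3.1, zeroed random, one cipher suite, null compression.
SAMPLE_TLS = (bytes.fromhex("160301002d" "01000029" "0301") + bytes(32)
              + bytes.fromhex("00" "0002" "002f" "0100"))

# Constructed sample: SSLv2-compatible Client Hello that offers 3.1.
SAMPLE_V2 = (bytes.fromhex("801c" "01" "0301" "0003" "0000" "0010" "00002f")
             + bytes(16))

if __name__ == "__main__":
    for label, blob in (("tls", SAMPLE_TLS), ("v2-compat", SAMPLE_V2)):
        print(label, client_hello_versions(blob))
```

Comparing the offered version from the capture with the ssl_version passed to the Python wrapper shows whether the library put on the wire what the caller asked for.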
More information about the OfflineIMAP-project mailing list