support for starttls

Johannes Stezenbach js at sig21.net
Mon Apr 11 14:02:30 BST 2011


On Mon, Apr 11, 2011 at 02:44:39PM +0200, Johannes Stezenbach wrote:
> On Mon, Apr 11, 2011 at 01:37:23PM +0200, dtk wrote:
> > Excerpts from Daniel Kreischer's message of Sun Apr 10 21:08:55 +0200 2011:
> > > > and it seems to me like your Python ssl
> > > > support is buggy.  Maybe you can try with a different Python and/or
> > > > openssl version.
> > > hmm, maybe tomorrow at work.
> > hmm, same problem here with python 2.6.5 and openssl 0.9.8k[0]
> > I obviously have to admit though that those versions aren't too different :/
> > 
> > building python 2.7
> 
> What puzzles me is that Python documentation says about ssl_version:
>   "If not specified, for client-side operation, the default SSL version is SSLv3"
> file:///usr/share/doc/python2.6/html/library/ssl.html
> 
> Yet in your pcap it sends TLSv1 in the Client Hello.  Thus I suspected
> your openssl library defaults to TLSv1 while Python's ssl wrapper
> thinks it requested SSLv3.  But then your test with
> ssl_version=ssl.PROTOCOL_TLSv1 should have worked.

FWIW, I found I can reproduce the error with a simple
command line test:

>>> import imaplib2
>>> s=imaplib2.IMAP4("my.mailserver.com", debug=True)
  46:56.55 MainThread imaplib2 version 2.20
  46:56.55 MainThread imaplib2 debug level True
  46:56.64 MainThread connected to my.mailserver.com on port 143
  46:56.64 my.mailserver.com writer starting
  46:56.64 my.mailserver.com reader starting using poll
  46:56.75 my.mailserver.com handler starting
  46:56.75 MainThread state => NONAUTH
  46:56.75 MainThread [async] CAPABILITY ()
  46:56.79 MainThread CAPABILITY: ('IMAP4REV1', 'UIDPLUS', 'CHILDREN', 'NAMESPACE', 'THREAD=ORDEREDSUBJECT', 'THREAD=REFERENCES', 'SORT', 'QUOTA', 'IDLE', 'ACL', 'ACL2=UNION', 'STARTTLS', 'LOGINDISABLED')
>>> s.starttls()
  47:10.78 MainThread [sync] STARTTLS ()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "imaplib2.py", line 999, in starttls
  47:10.95 my.mailserver.com handler unexpected response: 'O STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'
  47:10.95 my.mailserver.com handler NO response: Error in IMAP command received by server.
    self.sock = ssl.wrap_socket(self.sock, keyfile, certfile)
  File "/usr/lib/python2.6/ssl.py", line 338, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
  47:10.98 my.mailserver.com handler NO response: Error in IMAP command received by server.
  File "/usr/lib/python2.6/ssl.py", line 120, in __init__
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 279, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


So the error is not specific to your setup.


Johannes
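Added example, not part of the original message or of imaplib2/OfflineIMAP: a small triage script that pulls the two OpenSSL error strings out of the session above, splits each packed code into its library, function and reason numbers, and records which endpoint's OpenSSL raised it. It assumes the pre-3.0 OpenSSL packing (8-bit lib, 12-bit function, 12-bit reason); the helper names `decode`, `origin` and `triage` and the line-matching heuristics are hypothetical.

```python
import re

# Text form used by OpenSSL: error:<8 hex digits>:<lib>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^'\r\n]+)")

# Sample input: the two lines of the posted session that carry an OpenSSL
# error string, copied as they appear in the message.
SAMPLE_LOG = """\
  47:10.95 my.mailserver.com handler unexpected response: 'O STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'
ssl.SSLError: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
"""


def decode(code_hex):
    """Split a packed OpenSSL (pre-3.0) error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def origin(line):
    """Heuristic (assumption): which endpoint's OpenSSL reported the error."""
    if "ssl.SSLError" in line:
        return "client"   # raised locally by Python's ssl module
    if "couriertls" in line or "unexpected response" in line:
        return "server"   # relayed to the client inside the IMAP reply
    return "unknown"


def triage(log_text):
    """Return one finding per log line that contains an OpenSSL error string."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        lib, func, reason = decode(m.group(1))
        findings.append({
            "origin": origin(line), "code": m.group(1).upper(),
            "lib": lib, "func": func, "reason": reason,
            "function": m.group(3), "text": m.group(4).strip(),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%(origin)-6s lib=%(lib)d func=%(func)d reason=%(reason)d "
              "%(function)s: %(text)s" % f)
```

Both findings decode to library 20 (the SSL library), one from each end of the connection, so each side rejected what it read from the other right after the STARTTLS command.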



