Support for TLS

Johannes Stezenbach js at sig21.net
Tue Jan 25 20:58:38 GMT 2011 

On Mon, Jan 24, 2011 at 09:06:40AM +0100, Sebastian Spaeth wrote:
> On Sat, 22 Jan 2011 21:59:53 +0100, Johannes Stezenbach <js at sig21.net> wrote:
> > On Sat, Jan 22, 2011 at 06:44:16PM +0100, Eshat Cakar wrote:
> > > WARNING: Error occured attempting to sync account remote: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> > > Other combination do not work either.
> > > Since TLS is the new default (according to RFC) I would be happy if you could
> > > implement support for it.
> 
> > For TLS, I guess you need to add ssl_version=ssl.PROTOCOL_TLSv1 to the
> > ssl.wrap_socket() arguments.  See the Debian bug below for
> 
> Right, looking at
> http://docs.python.org/dev/library/ssl.html
> 
> it seems that the protocol version being used is negotiated by the local
> openssl library and the server, so I am a bit surprised that they are
> not doing the right thing by default (e.g. choosing v3 rather than v2 by
> default, and using TLS if needed).

I'm not sure how this is supposed to work in openssl either.  All
I know is that the IMAP server I use was upgraded and the new
version immediately disconnects when it sees an SSLv2 client hello.
That's how I found out offlineimap was trying to connect using SSLv2.

Currently I'm using a locally patched version of offlineimap
which specifies ssl.PROTOCOL_SSLv3.

> I am a bit hesitant to introduce yet another config option that only
> experts can set, I am rather a fan of having apps find out and do the
> right thing themselves.
> 
> So would the right thing here be to first try with
> ssl.PROTOCOL_TLSv1 and if that fails, to fall back to
> ssl.PROTOCOL_SSLv3 ?
> 
> We should probably not even offer SSLv2 anymore? Or do some servers
> still require it. It's not safe, as far as I know though, right?

SSLv2 is broken, no one should use it.  I think the only reason
to support it would be for SSLv2-only servers (if those exist),
and even then we should print a big warning and require the user
to acknowledge that it is OK.  We must not silently fall back
to SSLv2 since it would allow an attacker to make you use
SSLv2 inadvertantly.

BTW, openssl-1.0.0 has SSLv2 disabled by default:
http://www.mail-archive.com/openssl-users@openssl.org/msg62049.html

But I'm not sure what this means for Python's ssl module.
I'm using Debian sid which currently still has openssl-0.9.8o.


Johannes

More information about the OfflineIMAP-project mailing list