[Pkg-openssl-devel] Bug#665452: SSL23_GET_SERVER_HELLO:unsupported protocol

ael law_ence.dev at ntlworld.com
Tue Apr 24 20:43:04 UTC 2012 

I also see this bug via offlineimap (python).

$ openssl s_client -connect imap.ntlworld.com:993

seems to work:

CONNECTED(00000003)
---
[...snip..]

subject=/C=GB/ST=Hampshire/L=Hook/O=Virgin Media Ltd/OU=internet operations/CN=imap.ntlworld.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4356 bytes and written 634 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : RC4-SHA
    Session-ID: 0FC06C3512C6AD1B71258E9A9E4586D55ECC3E521F8B3F61EB25EAEFA3F6FD11
    Session-ID-ctx: 
    Master-Key: 1AFB7A305271D34AA2BAC7AFF9EE2B0D2EAF336B8B993B732D43216790E351CC4138D986AD5C1C709ED9044E168CA041
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1335278032
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
* OK Virgin Media IMAP4 server ready [ e4c558782NTL ].

=================================================================================


Using offlineimap (version 6.5.3 -- current release; the debian package
is very old):-

$ ./offlineimap.py -a ntl
OfflineIMAP 6.5.3
  Licensed under the GNU GPL v2+ (v2 or any later version)
Account sync ntl:
 *** Processing account ntl
 Establishing connection to imap.ntlworld.com:993
 ERROR: Unknown SSL protocol connecting to host 'imap.ntlworld.com' forrepository 'ntlserv'. OpenSSL responded:
[Errno 1] _ssl.c:503: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
 *** Finished account 'ntl' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: Unknown SSL protocol connecting to host 'imap.ntlworld.com' forrepository 'ntlserv'. OpenSSL responded:
[Errno 1] _ssl.c:503: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

----------------------------------------------------------------------------------------------

With a little more debugging:
$ ./offlineimap.py --info -a ntl
OfflineIMAP 6.5.3
  Licensed under the GNU GPL v2+ (v2 or any later version)
Remote repository 'ntlserv': type 'Gmail'
Host: imap.ntlworld.com Port: 993 SSL: 1
Establishing connection to imap.ntlworld.com:993
Failed to connect. Reason Unknown SSL protocol connecting to host 'imap.ntlworld.com' forrepository 'ntlserv'. OpenSSL responded:
[Errno 1] _ssl.c:503: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
folderfilter= lambda foldername: foldername not in ['[Gmail]/All Mail','[Gmail]/Bin']

Establishing connection to imap.ntlworld.com:993
Traceback (most recent call last):
  File "./offlineimap.py", line 23, in <module>
    oi.run()
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/init.py", line 46, in run
    self.serverdiagnostics(options)
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/init.py", line 391, in serverdiagnostics
    account.serverdiagnostics()
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/accounts.py", line 176, in serverdiagnostics
    self.ui.serverdiagnostics(remote_repo, 'Remote')
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/ui/UIBase.py", line 397, in serverdiagnostics
    folders = repository.getfolders()
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/repository/IMAP.py", line 268, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/local/packages/offlineimap/spaetz-offlineimap-f2fe807/offlineimap/imapserver.py", line 333, in acquireconnection
    raise OfflineImapError(reason, severity)
offlineimap.error.OfflineImapError: Unknown SSL protocol connecting to host 'imap.ntlworld.com' forrepository 'ntlserv'. OpenSSL responded:
[Errno 1] _ssl.c:503: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

--------------------------------------------------------------------------------------------------

I hope this is of some help. See also bug 666449.

ael

More information about the Pkg-openssl-devel mailing list