[Pkg-openssl-devel] Bug#853730: handshake failure alert number 40

[Leand]

Package: openssl
Version: 1.1.0c-2
Severity: important

Dear Maintainer,

After a recent upgrade of debian testing Kmail failes to nogotiate
SSL with two accounts. In fact openssl gives handshake failure
alert if I test with imap:

openssl s_client -connect imap.fastwebnet.it:993 or
openssl s_client -connect mail.postecert.it:993

CONNECTED(00000003)
140623095760000:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:ssl/record/rec_layer_s3.c:1388:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1485862641
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---

With Icedove these two accounts (fastweb and postecert) work ok,
but Icedove does not use openssl. I tested the same openssl
command with debian live and it works, gives the certificates and
the message "OK IMAP4 PROXY server ready".



-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii libc6 2.24-8
ii libssl1.1 1.1.0c-2

openssl recommends no packages.

Versions of packages openssl suggests:
ii ca-certificates 20161130

-- no debconf information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20170131/af293838/attachment.html>