Source: gnutls28 Version: 3.3.15-5 Severity: important Dear Maintainer,
After having updated gnutls to 3.3.15-5, my evolution is unable to connect to my imap server on mail.datenzone.de port 993 using imap-ssl. However I can still connect to that server using gnutls-cli or icedove. Also other imap-server where I use TLS on work fine. In addition to that, connecting to the smtp-ssl daemon on the same host still works fine using evolution. I am using the IMAPx plugin in evolution. An analysis of the traffic dump showed that the server generates a TLS bad record mac alert after the handshake is finished. I cannot see any noticeable difference between the handshake evolution uses and the one icedove/thunderbird uses. Feel free to test it with mail.datenzone.de:993, you do not need an account on the server since the failure happens during the TLS handshake before authentication starts. The server is a cyrus imapd running on debian stable. You might need to disable certificate validation should your system not support CAcert certificates. Downgrading the gnutls version to 3.3.15-2 solves the problem. I have looked at the diff between those versions, but I could not spot the source of that problem. My system has an Intel CPU supporting AES-NI, but not VIA padlock. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
signature.asc
Description: This is a digitally signed message part
