[neon] [Bug 426303] New: SSL Connect to MS Exchange autodiscover fails since 20.04

Tue, 08 Sep 2020 02:32:09 -0700 

https://bugs.kde.org/show_bug.cgi?id=426303

            Bug ID: 426303
           Summary: SSL Connect to MS Exchange autodiscover fails since
                    20.04
           Product: neon
           Version: unspecified
          Platform: Neon Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: Packages User Edition
          Assignee: neon-b...@kde.org
          Reporter: kle...@gmail.com
                CC: j...@jriddell.org, neon-b...@kde.org, sit...@kde.org
  Target Milestone: ---

SUMMARY


STEPS TO REPRODUCE
1. Upgrade Neon to 20.04
2. Try to use previously working akonadi-ews based account in Kontact
3. Fail
4. Try to just connect to the autodiscover server
5. Fail
6. Ask colleagues to do the same on other distributions like Ubuntu 20.04.
Success for them

OBSERVED RESULT

I try to connect to the autodiscover server with openssl:
$ openssl s_client -connect autodiscover.XXX.XX:443
CONNECTED(00000003)
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
verify error:num=21:unable to verify the first certificate
verify return:1
140336653460800:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too
small:../ssl/statem/statem_clnt.c:2149:
---
Certificate chain
 0 s:C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX
   i:C = XX O = XXX, CN = XXXXX
---
Server certificate
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
subject=C = XX, O = XXX, OU = XXX, CN = mail.XXX.XX

issuer=C = XX O = XXX, CN = XXXXX

---
No client certificate CA names sent
---
SSL handshake has read 2038 bytes and written 318 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: …
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1599555816
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---


EXPECTED RESULT
It should be connected but it returns with return code 1.
On my colleagues computer, under Ubuntu 20.04 or older, it connects and does
not return.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.19.5
KDE Frameworks Version: 5.73.0
Qt Version: 5.14.2

ADDITIONAL INFORMATION

Applying this change allows me to connect and to use the Exchange server, but I
don't know what are the consequences on the security of my system or my emails.

https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to