[SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

Paweł Łukasik
Hello,

Roundcube always use TLSv1 for sending mail (used on same host as
mailserver with both RSA and ECDSA certs, ports 25 and 587). When I
disable all TLS/SSL versions except TLSv1.2 in Postfix config, I cannot
send mails from Roundcube (SMTP Error: Authentication failure: STARTTLS
failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php on
line 1649 (POST
/?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send)
) but can from desktop/mobile client.
Connection from Roundcube to IMAP server is always use TLSv1.2, external
servers (i.e. GMail) connect with TLSv1.2.

What could cause this behaviour? Is it possible to force TLSv1.2 for
SMTP?

--
Regards, Paul
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

A.L.E.C
On 10.11.2016 11:02, Paweł Łukasik wrote:
> What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP?

You need Net_SMTP package in version >= 1.7.1.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

Paweł Łukasik
>> What could cause this behaviour? Is it possible to force TLSv1.2 for
>> SMTP?
>
> You need Net_SMTP package in version >= 1.7.1.

1.7.2 installed with full roundcube 1.2.2 package. I've checked also on
pear.php and diff shows no diffs.
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

Paweł Łukasik
In reply to this post by Paweł Łukasik
Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP
connections but not for SMTP.
PHP is rather new (Debian 7):

php --version
PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep  5 2015 00:21:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies



> do you really think roundcube has it's own low-level TLS code?
> most likely you run outdated PHP
>
> https://bugs.php.net/bug.php?id=65329
>
> Am 10.11.2016 um 11:02 schrieb Paweł Łukasik:
>> Hello,
>>
>> Roundcube always use TLSv1 for sending mail (used on same host as
>> mailserver with both RSA and ECDSA certs, ports 25 and 587). When I
>> disable all TLS/SSL versions except TLSv1.2 in Postfix config, I
>> cannot
>> send mails from Roundcube (SMTP Error: Authentication failure:
>> STARTTLS
>> failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php
>> on
>> line 1649 (POST
>> /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send)
>> ) but can from desktop/mobile client.
>> Connection from Roundcube to IMAP server is always use TLSv1.2,
>> external
>> servers (i.e. GMail) connect with TLSv1.2.
>>
>> What could cause this behaviour? Is it possible to force TLSv1.2 for
>> SMTP?

--
Pozdrawiam, Paweł Łukasik
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

A.L.E.C
On 10.11.2016 11:55, Paweł Łukasik wrote:
> Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP
> connections but not for SMTP.
> PHP is rather new (Debian 7):
>
> php --version
> PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep  5 2015 00:21:03)
> Copyright (c) 1997-2014 The PHP Group
> Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

I'm afraid you need PHP 5.6 according to this
http://php.net/manual/en/function.stream-socket-enable-crypto.php

I have no idea how did you get IMAP connection to use TLS 1.2.
As I've said both SMTP and IMAP code use the same way of setting TLS.

ps. PHP 5.4 is no longer supported by PHP.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users