Discussion:
Can't connect to Kolab/Guam 16 with Thunderbird 45.7
Gufler, Thomas
2017-02-14 09:30:59 UTC
Permalink
Hello,

having a interesting problem. I can connect with Thunderbird on Ubuntu
16.04 to a Kolab server (roundcube works as well) but not with
Thunderbird on Arch or Fedora 25 (to the same system).
Trying to create an Thunderbird Account on this two systems ends with an
error "Configuration could not be verified - is the username or password
wrong?".

In the guam error.log I get:

error] <0.89.0> Supervisor {<0.89.0>,kolab_guam_listener} had child
session started with {kolab_guam_session,start_link,undefined} at
<0.174.0> exit with reason
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
in context child_terminated


I already tried to switch from the certificates in the standard
installation to letsencrypt signed one - but with the same result.

Any ideas?

Best regards,
Thomas
Teemu Pulliainen
2017-02-14 12:49:05 UTC
Permalink
Post by Gufler, Thomas
Hello,
having a interesting problem. I can connect with Thunderbird on Ubuntu
16.04 to a Kolab server (roundcube works as well) but not with
Thunderbird on Arch or Fedora 25 (to the same system).
Trying to create an Thunderbird Account on this two systems ends with
an error "Configuration could not be verified - is the username or
password wrong?".
error] <0.89.0> Supervisor {<0.89.0>,kolab_guam_listener} had child
session started with {kolab_guam_session,start_link,undefined} at
<0.174.0> exit with reason
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
in context child_terminated
I already tried to switch from the certificates in the standard
installation to letsencrypt signed one - but with the same result.
Any ideas?
Best regards,
Thomas
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users
Hi,


might have something to do with more recent NSS/TLS 1.3 as described in
https://git.kolab.org/T1775 and
https://kanarip.wordpress.com/2016/11/04/heads-up-on-nss-3-27-guam/.


I don't think that's the exact same error message I once got (and
according to the bug tracker, T1775 would seem to be fixed on the Kolab
side already). Anyway, you might want to at least test using TLS 1.1 in
Thunderbird as shown in
http://lists.kolab.org/pipermail/users/2016-November/020985.html.


Assuming you have the same issue with every client on Fedora 25/Arch and
not just Thunderbird, you might want to try something like "openssl
s_client -connect yourserver.tld:993 -servername yourserver.tld" to see
if that produces a handshake error as well.


-Teemu
Thomas Gufler
2017-02-14 13:08:54 UTC
Permalink
Hi,

setting "security.tls.version.max" to "2" (TLS 1.1) solved this issue.

Thanks a lot.

Best regards,
Thomas
Post by Teemu Pulliainen
Post by Gufler, Thomas
Hello,
having a interesting problem. I can connect with Thunderbird on
Ubuntu 16.04 to a Kolab server (roundcube works as well) but not with
Thunderbird on Arch or Fedora 25 (to the same system).
Trying to create an Thunderbird Account on this two systems ends with
an error "Configuration could not be verified - is the username or
password wrong?".
error] <0.89.0> Supervisor {<0.89.0>,kolab_guam_listener} had child
session started with {kolab_guam_session,start_link,undefined} at
<0.174.0> exit with reason
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
in context child_terminated
I already tried to switch from the certificates in the standard
installation to letsencrypt signed one - but with the same result.
Any ideas?
Best regards,
Thomas
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users
Hi,
might have something to do with more recent NSS/TLS 1.3 as described
in https://git.kolab.org/T1775 and
https://kanarip.wordpress.com/2016/11/04/heads-up-on-nss-3-27-guam/.
I don't think that's the exact same error message I once got (and
according to the bug tracker, T1775 would seem to be fixed on the
Kolab side already). Anyway, you might want to at least test using TLS
1.1 in Thunderbird as shown in
http://lists.kolab.org/pipermail/users/2016-November/020985.html.
Assuming you have the same issue with every client on Fedora 25/Arch
and not just Thunderbird, you might want to try something like
"openssl s_client -connect yourserver.tld:993 -servername
yourserver.tld" to see if that produces a handshake error as well.
-Teemu
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users
Loading...