[RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail

Paweł Łukasik pawel at lookasik.eu
Thu Nov 10 11:55:07 CET 2016


Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP 
connections but not for SMTP.
PHP is rather new (Debian 7):

php --version
PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep  5 2015 00:21:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies



> do you really think roundcube has it's own low-level TLS code?
> most likely you run outdated PHP
> 
> https://bugs.php.net/bug.php?id=65329
> 
> Am 10.11.2016 um 11:02 schrieb Paweł Łukasik:
>> Hello,
>> 
>> Roundcube always use TLSv1 for sending mail (used on same host as
>> mailserver with both RSA and ECDSA certs, ports 25 and 587). When I
>> disable all TLS/SSL versions except TLSv1.2 in Postfix config, I 
>> cannot
>> send mails from Roundcube (SMTP Error: Authentication failure: 
>> STARTTLS
>> failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php 
>> on
>> line 1649 (POST
>> /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send)
>> ) but can from desktop/mobile client.
>> Connection from Roundcube to IMAP server is always use TLSv1.2, 
>> external
>> servers (i.e. GMail) connect with TLSv1.2.
>> 
>> What could cause this behaviour? Is it possible to force TLSv1.2 for 
>> SMTP?

-- 
Pozdrawiam, Paweł Łukasik


More information about the users mailing list