Re: [RCU] [SMTP, SSL] Roundcube 1.2.2 - never use TLSv1.2 and always fallback to TLSv1 when sends mail
Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP connections but not for SMTP. PHP is rather new (Debian 7):
php --version PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep 5 2015 00:21:03) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
do you really think roundcube has it's own low-level TLS code? most likely you run outdated PHP
https://bugs.php.net/bug.php?id=65329
Am 10.11.2016 um 11:02 schrieb Paweł Łukasik:
Hello,
Roundcube always use TLSv1 for sending mail (used on same host as mailserver with both RSA and ECDSA certs, ports 25 and 587). When I disable all TLS/SSL versions except TLSv1.2 in Postfix config, I cannot send mails from Roundcube (SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php on line 1649 (POST /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send) ) but can from desktop/mobile client. Connection from Roundcube to IMAP server is always use TLSv1.2, external servers (i.e. GMail) connect with TLSv1.2.
What could cause this behaviour? Is it possible to force TLSv1.2 for SMTP?
On 10.11.2016 11:55, Paweł Łukasik wrote:
Yes, I'm pretty sure it's problem with RC - it uses TLSv1.2 for IMAP connections but not for SMTP. PHP is rather new (Debian 7):
php --version PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep 5 2015 00:21:03) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
I'm afraid you need PHP 5.6 according to this http://php.net/manual/en/function.stream-socket-enable-crypto.php
I have no idea how did you get IMAP connection to use TLS 1.2. As I've said both SMTP and IMAP code use the same way of setting TLS.
ps. PHP 5.4 is no longer supported by PHP.
-
A.L.E.C -
Paweł Łukasik