Cannot use YAM to get emails with AmiSSL 4.3 #27
Comments
|
And what exactly is a "live server" and "upload server"?!?! |
|
Sorry. Live is the Outlook/Hotmail server, I use the same smtp.Live server to send emails too. |
|
So, you are saying POP3 doesn't work, but SMTP does? What are the server names? And are there any error messages? |
|
Have been looking more closely at this and using the OpenSSL command to connect to pop3.live.com, the same TLSv1.2 cipher is used with both 4.2 and 4.3, so there shouldn't be a speed related issue. This is using the OS4 build, I should add, but it should be the same on OS3. Try You may need to use the OS3 OpenSSL command from 4.2 (the 4.3 one is crashing for me under emulation on OS4). This will work with the 4.3 libs too. |
|
Hi Oliver,
Yes, pop3 doesn't work but smpt does.
Pop3.live.com (also tried office365.outlook.com)
Smpt was smpt.live.com which worked, but I've set now set up office365.outlook.com which also works
On 23 Feb 2019 9:25 pm, Oliver Roberts <notifications@github.com> wrote:
So, you are saying POP3 doesn't work, but SMTP does? What are the server names? And are there any error messages?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#27 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYg7jYfeuU5bND0EfPTDRIlUvE5fyf05ks5vQbHJgaJpZM4bOICe>.
|
|
I typed what you suggested and got a whole paragraph.
It starts with
Connected (000000)
and ends with
Timout : 7200(sec)
Verify returncode: 0 (ok)
Extended master secret : yes
I thank you for looking but I will be away for Adweek from tomorrow, so no rush.
Thanks wurzel
On 23 Feb 2019 11:32 pm, Oliver Roberts <notifications@github.com> wrote:
Have been looking more closely at this and using the OpenSSL command to connect to pop3.live.com, the same TLSv1.2 cipher is used with both 4.2 and 4.3, so there shouldn't be a speed related issue. This is using the OS4 build, I should add, but it should be the same on OS3.
Try OpenSSL s_client -connect pop3.live.com:995 and see what it says. Unfortunately, it seems the m68k build doesn't work under emulation on OS4, so I can't test it.
You may need to use the OS3 OpenSSL command from 4.2 (the 4.3 one is crashing for me under emulation on OS4). This will work with the 4.3 libs too.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#27 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYg7janCmCG1NUsYQxtojs2RkGkjDMgxks5vQc-agaJpZM4bOICe>.
|
|
Posting the entire output from the OpenSSL command would be helpful. It is frustrating that AmigaKit hijacked my broken A1200, as I have no way of testing the m68k AmiSSL natively. And the m68k emulation on OS4 breaks AmiSSL it seems, which obviously doesn't help. |
|
Hi Oliver,
Ok I saved the output to a file and have copied to my phone. Hopefully, it will be attached.
On 24 Feb 2019 6:26 pm, Oliver Roberts <notifications@github.com> wrote:
Posting the entire output from the OpenSSL command would be helpful. It is frustrating that AmigaKit hijacked my broken A1200, as I have no way of testing the m68k AmiSSL natively. And the m68k emulation on OS4 breaks AmiSSL it seems, which obviously doesn't help.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#27 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYg7jcVfbVgUrsJ3Hu5Een1gI_NG6Gqlks5vQtlbgaJpZM4bOICe>.
|
|
@jerseywurzel Nope - I think you can only attach files via the full web interface. |
|
Ok, hope it's attached now? |
|
Hi Oliver,
I think I've done it now.
On 24 Feb 2019 8:29 pm, Oliver Roberts <notifications@github.com> wrote:
@jerseywurzel<https://github.com/jerseywurzel> Nope - I think you can only attach files via the full web interface.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#27 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYg7jeFtgleAJoBcqcRhZWXYRo0qacmTks5vQvYfgaJpZM4bOICe>.
|
|
Yes, thanks. May need to get you to re-run it later with extra debug output on, but I've got a deja vu feeling so will check back through the archives. Does the OpenSSL command from 4.3 work for you or does it crash? Output looks like it is the 4.2 command. |
|
Ok, I knew this felt familiar - see #11 - did you make any changes to get previous versions of AmiSSL v4 working with YAM? ECDH key exchange is a potential issue still. Maybe cipher priority changed since OpenSSL 1.1.0g and/or older faster ciphers were removed, which is causing ECDH to be chosen when it wasn't before. |
|
Sorry, but I don't know the difference in the commands you mentioned.
I just installed 4.3 in the same directory as 4.2. It said it was deleting old ciphers.
Then I opened a she'll and typed the command as you showed.
Thanks
On 24 Feb 2019 8:55 pm, Oliver Roberts <notifications@github.com> wrote:
Yes, thanks. May need to get you to re-run it later with extra debug output on, but I've got a deja vu feeling so will check back through the archives.
Does the OpenSSL command from 4.3 work for you or does it crash? Output looks like it is the 4.2 command.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#27 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYg7jbSxkNTpP7ENlay3H-_ZN4Z-a1bdks5vQvxRgaJpZM4bOICe>.
|
|
Hi Oliver, Not sure how to tell what version OpenSSL command (Version OpenSSL?) it used or how to change from one version to another -could you let me know? |
|
@jerseywurzel Yes, "version OpenSSL". Although, I am 99% sure the latest OpenSSL command is broken on m68k somehow. What is your DefaultSSLCiphers setting in your YAM .config file? Sounds like you may need to adjust this like you did previously. |
|
@Futaura |
|
The OpenSSL command should be in AmiSSL: on OS3, IIRC. Don't worry about testing this further though. Regarding DefaultSSLCiphers I refer you to #11 (comment) :-) Just wondering if something changed in this respect when you updated YAM. |
|
Ah, I think you're onto it. The DefaultSSLCipher was: After changing it as per the previous comment, it worked! Thank you so much. |
|
Can you please state what exactly you entered now as the new DefaultSSLCipher setting?!? |
|
@ jens-maus Also, I am using the OPENSSL command from the Amissl 4.3 download, version 1.1.1a 20 Nov 18. |
|
@jens-maus |
|
@jerseywurzel Thanks for confirming - I've opened a separate issue (#28) for that. Regarding your DefaultSSLCiphers, as @jens-maus told you a long time ago, that isn't one of the most secure settings. I would recommend trying setting it to the default and adding ":!ECDH" to the end. This will disable all the ECDH(E) ciphers that are problematic on m68k and choose the best of the rest instead. You could also try "DEFAULT:!ECDH" or "ALL:!ECDH". That said, some of the other ciphers may be problematic on m68k too. |
|
@Futaura
Hi Oliver,
On 08/03/2019, you wrote:
@jerseywurzel Thanks for confirming - I've opened a separate issue (#28) for that.
Regarding your DefaultSSLCiphers, as @jens-maus told you a long time ago, that isn't one of
the most secure settings. I would recommend trying setting it to the default and adding
":!ECDH" to the end. This will disable all the ECDH(E) ciphers that are problematic on m68k
and choose the best of the rest instead. You could also try "DEFAULT:!ECDH" or "ALL:!ECDH".
That said, some of the other ciphers may be problematic on m68k too.
I've tried different combinations of DefaultSSLCipher settings. I'm not sure if it's because I'm not typing it correctly or not, but all connections fail except with AES256-SHA
I've tried entering:
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES128-SHA:!ECDH
ECDHE-RSA-AES128-SHA :!ECDH
DefaultSSLCiphers = DEFAULT:!ECDH
I restarted YAM each time so it would load the new configuration but none connect.
Anything else I can try?
Thanks
|
|
@jerseywurzel I wonder - are you running MuRedox? If not, please give it a try (assuming you are still using MMULib). I think it may help. |
|
Hi Oliver,
On 18/01/2020, you wrote:
@jerseywurzel I wonder - are you running MuRedox? If not, please give it a try - I think it
may help.
No, never even heard of it but I'll look it up.
Thanks.
Bye for now,
--
Russell
A lot of money is tainted -Taint yours and taint mine.
weather:
Partly Cloudy : 7.00 C, 44.60 F
Winds : East 10.36 MPH, 16.67 KPH, 9.00 Knots
Jersey Airport (EGJJ), United Kingdom
|
|
@jerseywurzel It will be interesting to see if AmiSSL 4.4 has improved your YAM experience - IIRC, YAM is compiled for AmiSSL 4.2, so it will automatically use AmiSSL 4.4 instead once you've installed it. I'm hopeful it will resolve your issue due to a fundamental flaw being fixes specific to running on a 68060. |
|
Hi Oliver,
On 15/02/2020, you wrote:
@jerseywurzel It will be interesting to see if AmiSSL 4.4 has improved your YAM experience
- IIRC, YAM is compiled for AmiSSL 4.2, so it will automatically use AmiSSL 4.4 instead
once you've installed it. I'm hopeful it will resolve your issue due to a fundamental flaw
being fixes specific to running on a 68060.
Yes, YAM is much faster now. I have even changed to Default Cipher to:
ECDHE-RSA-AES256-SHA384
And it still flies along.
Thank you.
Bye for now,
--
Russell
|
|
Fixed in ff6c5f9 |
Hi Jens,
Thanks for AMiSSL4.3.
Unfortunately, YAM latest nightly build as of 23.02.19 can no longer connect to the live server to download emails, though it can connect to the upload server. It was working fine with V4.2. I just tried to re-install 4.2 but it didn
t work because traces of 4.3 were still recognised. Real Amiga OS3.9 A1200/060. I hope its not that the real miggy is too slow now.The text was updated successfully, but these errors were encountered: