Support other TLS provider and unify cargo features
iojea opened this issue · 7 comments
Hi,
Since you are testing v1.0.0 I am coming back with this issue. Today I was able to build the master branch from source (something that had failed in all my previous attempts). But I am still unable to access my university account.
My config.toml looks like this:
[accounts.dm]
default = true
email = "iojea@dm.uba.ar"
display-name = "Ignacio Ojea"
downloads-dir = "~/Downloads"
backend = "imap"
message.send.backend = "smtp"
imap.host = "imap.dm.uba.ar"
imap.port = 993
imap.encryption = "tls"
imap.login = "iojea"
imap.passwd.command = "pass show iojea/DM"
smtp.host = "smtp.dm.uba.ar"
smtp.port = 587
smtp.encryption = "tls"
smtp.login = "iojea"
smtp.passwd.command = "pass show iojea/DM"
When I run himalaya I am asked for my pass password, and when I type it I get the following error. This has not changed with respect to v0.9.0.
WARN cannot build imap session: cannot connect to imap server, attempt (1)
WARN cannot build imap session: cannot connect to imap server, attempt (2)
WARN cannot build imap session: cannot connect to imap server, attempt (3)
WARN cannot build imap session after 3 attempts, aborting
Error:
0: cannot connect to imap server
1: IO error: received fatal alert: HandshakeFailure
Note: Run with --debug to enable logs with spantrace.
Note: Run with --trace to enable verbose logs with backtrace.
The output of himalaya --debug is:
2024-11-01T13:22:05.134607Z INFO executing list envelopes command
2024-11-01T13:22:05.134820Z DEBUG running single command: pass show iojea/DM
2024-11-01T13:22:05.298842Z INFO building new imap context
2024-11-01T13:22:05.298883Z DEBUG creating session using login and password
2024-11-01T13:22:05.301615Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:22:05.301805Z DEBUG Not resuming any session
2024-11-01T13:22:05.307519Z WARN cannot build imap session: cannot connect to imap server, attempt (1)
2024-11-01T13:22:05.307567Z DEBUG creating session using login and password
2024-11-01T13:22:05.308678Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:22:05.309879Z DEBUG Not resuming any session
2024-11-01T13:22:05.314075Z WARN cannot build imap session: cannot connect to imap server, attempt (2)
2024-11-01T13:22:05.314104Z DEBUG creating session using login and password
2024-11-01T13:22:05.315863Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:22:05.316616Z DEBUG Not resuming any session
2024-11-01T13:22:05.325273Z WARN cannot build imap session: cannot connect to imap server, attempt (3)
2024-11-01T13:22:05.325313Z DEBUG creating session using login and password
2024-11-01T13:22:05.326110Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:22:05.326204Z DEBUG Not resuming any session
2024-11-01T13:22:05.332215Z WARN cannot build imap session after 3 attempts, aborting
Error:
0: cannot connect to imap server
1: IO error: received fatal alert: HandshakeFailure
Location:
/build/source/src/backend/mod.rs:638
Note: Run with --trace to enable verbose logs with backtrace.
The output of himalaya --trace is:
2024-11-01T13:23:26.251980Z INFO executing list envelopes command
2024-11-01T13:23:26.252189Z DEBUG running single command: pass show iojea/DM
2024-11-01T13:23:26.252771Z TRACE registering event source with poller: token=Token(134759672380800), interests=READABLE | WRITABLE
2024-11-01T13:23:26.252809Z TRACE registering event source with poller: token=Token(134759677776000), interests=READABLE | WRITABLE
2024-11-01T13:23:26.252833Z TRACE registering event source with poller: token=Token(134759677776384), interests=READABLE
2024-11-01T13:23:26.412726Z TRACE deregistering event source from poller
2024-11-01T13:23:26.412786Z TRACE deregistering event source from poller
2024-11-01T13:23:26.412799Z TRACE deregistering event source from poller
2024-11-01T13:23:26.412841Z INFO building new imap context
2024-11-01T13:23:26.412849Z DEBUG creating session using login and password
2024-11-01T13:23:26.415430Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:23:26.415597Z DEBUG Not resuming any session
2024-11-01T13:23:26.415639Z TRACE Sending ClientHello Message {
version: TLSv1_0,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: 639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a,
session_id: 01b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
EcPointFormats(
[
Uncompressed,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
ExtendedMasterSecretRequest,
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"imap.dm.uba.ar",
),
),
},
],
),
KeyShare(
[
KeyShareEntry {
group: X25519,
payload: 5a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59,
},
],
),
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
SessionTicket(
Request,
),
],
},
),
},
encoded: 010000e80303639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a2001b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00205a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59002d0002010100230000,
},
}
2024-11-01T13:23:26.421168Z WARN cannot build imap session: cannot connect to imap server, attempt (1)
2024-11-01T13:23:26.421253Z DEBUG creating session using login and password
2024-11-01T13:23:26.422759Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:23:26.422934Z DEBUG Not resuming any session
2024-11-01T13:23:26.422978Z TRACE Sending ClientHello Message {
version: TLSv1_0,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: a4eb8f8448e56b2a445759150c2e3ef014bb0db98283e4ce6742528e160e8cb1,
session_id: 851330c593d9da9690a85a825060abce9cb68e390f2ec20893ba104c147fee5d,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
EcPointFormats(
[
Uncompressed,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
ExtendedMasterSecretRequest,
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"imap.dm.uba.ar",
),
),
},
],
),
KeyShare(
[
KeyShareEntry {
group: X25519,
payload: 536f7ab28df8dce1f74d76b06869f4f6414599abc5d339a6020f09d39e86534d,
},
],
),
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
SessionTicket(
Request,
),
],
},
),
},
encoded: 010000e80303a4eb8f8448e56b2a445759150c2e3ef014bb0db98283e4ce6742528e160e8cb120851330c593d9da9690a85a825060abce9cb68e390f2ec20893ba104c147fee5d0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d0020536f7ab28df8dce1f74d76b06869f4f6414599abc5d339a6020f09d39e86534d002d0002010100230000,
},
}
2024-11-01T13:23:26.428105Z WARN cannot build imap session: cannot connect to imap server, attempt (2)
2024-11-01T13:23:26.428115Z DEBUG creating session using login and password
2024-11-01T13:23:26.429195Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:23:26.429282Z DEBUG Not resuming any session
2024-11-01T13:23:26.429305Z TRACE Sending ClientHello Message {
version: TLSv1_0,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: 54e9a0c80e23622f1b327ee5780527785f55f70ff879c674a406f178c3b9b2cf,
session_id: 410acfd4c805a20eb9ab0d7dc93a057fa05e8c435aca5751f53c00ac285595fa,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
EcPointFormats(
[
Uncompressed,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
ExtendedMasterSecretRequest,
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"imap.dm.uba.ar",
),
),
},
],
),
KeyShare(
[
KeyShareEntry {
group: X25519,
payload: 9bd0d81d46610090fd126f2d0926e47122d0a6aedb9cd2c9cbb8a75af5985a39,
},
],
),
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
SessionTicket(
Request,
),
],
},
),
},
encoded: 010000e8030354e9a0c80e23622f1b327ee5780527785f55f70ff879c674a406f178c3b9b2cf20410acfd4c805a20eb9ab0d7dc93a057fa05e8c435aca5751f53c00ac285595fa0014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00209bd0d81d46610090fd126f2d0926e47122d0a6aedb9cd2c9cbb8a75af5985a39002d0002010100230000,
},
}
2024-11-01T13:23:26.434369Z WARN cannot build imap session: cannot connect to imap server, attempt (3)
2024-11-01T13:23:26.434378Z DEBUG creating session using login and password
2024-11-01T13:23:26.435233Z DEBUG No cached session for DnsName("imap.dm.uba.ar")
2024-11-01T13:23:26.435332Z DEBUG Not resuming any session
2024-11-01T13:23:26.435354Z TRACE Sending ClientHello Message {
version: TLSv1_0,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: f0317bb7fe5b67b9c39038d5d5ec2cf959c1f8bda0fb7b868e8be969beb555cd,
session_id: 46b41b8ca2df119e2a4b2cd87b5d0731f3d0729c5ab5e4b66c92d0e0b1308094,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
EcPointFormats(
[
Uncompressed,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
ExtendedMasterSecretRequest,
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"imap.dm.uba.ar",
),
),
},
],
),
KeyShare(
[
KeyShareEntry {
group: X25519,
payload: 3f84deff9f47febef50414d25779c69a0ffaf538a72f316ba9cea71645017722,
},
],
),
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
SessionTicket(
Request,
),
],
},
),
},
encoded: 010000e80303f0317bb7fe5b67b9c39038d5d5ec2cf959c1f8bda0fb7b868e8be969beb555cd2046b41b8ca2df119e2a4b2cd87b5d0731f3d0729c5ab5e4b66c92d0e0b13080940014130213011303c02cc02bcca9c030c02fcca800ff0100008b002b00050403040303000b00020100000a00080006001d00170018000d001400120503040308070806080508040601050104010017000000050005010000000000000013001100000e696d61702e646d2e7562612e6172003300260024001d00203f84deff9f47febef50414d25779c69a0ffaf538a72f316ba9cea71645017722002d0002010100230000,
},
}
2024-11-01T13:23:26.440445Z WARN cannot build imap session after 3 attempts, aborting
Error:
0: cannot connect to imap server
1: IO error: received fatal alert: HandshakeFailure
Location:
/build/source/src/backend/mod.rs:638
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⋮ 3 frames hidden ⋮
4: himalaya::email::envelope::command::list::ListEnvelopesCommand::execute::{{closure}}::h45c698d3d348ab89
at <unknown source file>:<unknown line>
5: tokio::runtime::park::CachedParkThread::block_on::h55e0cb240d0bc81c
at <unknown source file>:<unknown line>
6: tokio::runtime::context::runtime::enter_runtime::h07fdf3eeb91a6311
at <unknown source file>:<unknown line>
7: tokio::runtime::runtime::Runtime::block_on::hed83e9d496bb757f
at <unknown source file>:<unknown line>
8: himalaya::main::h0eefd20397af79ba
at <unknown source file>:<unknown line>
9: std::sys_common::backtrace::__rust_begin_short_backtrace::h49ef2140b8710848
at <unknown source file>:<unknown line>
10: std::rt::lang_start::{{closure}}::h768a8bc4e460bbc2
at <unknown source file>:<unknown line>
11: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h5ec8c9a223df7d15
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/core/src/ops/function.rs:284
12: std::panicking::try::do_call::h2dcd2c78950ddfec
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:554
13: std::panicking::try::hce5bc4bcb0fe9f5d
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:518
14: std::panic::catch_unwind::hb71ed5db6f0535df
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panic.rs:142
15: std::rt::lang_start_internal::{{closure}}::h02e44d6341d8a0e0
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/rt.rs:148
16: std::panicking::try::do_call::h607b189d049eee65
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:554
17: std::panicking::try::h419673dfebc39c5d
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panicking.rs:518
18: std::panic::catch_unwind::hdab4b753f5ca84c0
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/panic.rs:142
19: std::rt::lang_start_internal::hc5ae2f59965906d9
at /rustc/aedd173a2c086e558c2b66d3743b344f977621a7/library/std/src/rt.rs:148
20: main<unknown>
at <unknown source file>:<unknown line>
I don't know what causes this issue, but I have successfully configured other mail clients with essentially the same config. I hope this can be fixed...
Thanks!
Sorry for the delay. Looks definitely like a TLS issue, but does not look obvious to me at first glance. When I compare with my logs:
2024-11-05T15:21:43.204043Z TRACE client::build: rustls::client::hs: Sending ClientHello Message {
version: TLSv1_0,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: 8a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2,
session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
KeyShare(
[
KeyShareEntry {
group: X25519,
payload: 8e1b0bc03f2ed3c6b1ac776cc205e5b427cdaa000387bcabea59289d7b64183a,
},
],
),
ExtendedMasterSecretRequest,
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"posteo.de",
),
),
},
],
),
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
Protocols(
[
ProtocolName(
696d6170,
),
],
),
SessionTicket(
Request,
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
EcPointFormats(
[
Uncompressed,
],
),
],
},
),
},
encoded: 010000ee03038a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2207686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b0014130213011303c02cc02bcca9c030c02fcca800ff01000091002d00020101003300260024001d00208e1b0bc03f2ed3c6b1ac776cc205e5b427cdaa000387bcabea59289d7b64183a001700000000000e000c000009706f7374656f2e6465002b00050403040303000a00080006001d0017001800050005010000000000100007000504696d617000230000000d00140012050304030807080608050804060105010401000b00020100,
},
}
2024-11-05T15:21:43.223142Z TRACE client::build: rustls::client::hs: Got HRR HelloRetryRequest { legacy_version: TLSv1_2, session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b, cipher_suite: TLS13_AES_256_GCM_SHA384, extensions: [SupportedVersions(TLSv1_3), KeyShare(secp384r1)] }
2024-11-05T15:21:43.226147Z TRACE client::build: rustls::client::hs: Sending ClientHello Message {
version: TLSv1_2,
payload: Handshake {
parsed: HandshakeMessagePayload {
typ: ClientHello,
payload: ClientHello(
ClientHelloPayload {
client_version: TLSv1_2,
random: 8a2cb3625125cbe0fe7fcb83622aad0a8309c8b881492346c915a4da088c00a2,
session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
cipher_suites: [
TLS13_AES_256_GCM_SHA384,
TLS13_AES_128_GCM_SHA256,
TLS13_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
],
compression_methods: [
Null,
],
extensions: [
PresharedKeyModes(
[
PSK_DHE_KE,
],
),
KeyShare(
[
KeyShareEntry {
group: secp384r1,
payload: 04d07bff18162199be7cb2d7d7981064f36c06764b50689bc05e1e42d03ff05c9d29ab5b5b814e133084fc242e0413ad81dd317fe5405c2ae29027c2ae6dab8656e591d07999d13d2f87a70a885a997745d527d05b968cb1454259b72f80cf054a,
},
],
),
ExtendedMasterSecretRequest,
ServerName(
[
ServerName {
typ: HostName,
payload: HostName(
DnsName(
"posteo.de",
),
),
},
],
),
SupportedVersions(
[
TLSv1_3,
TLSv1_2,
],
),
NamedGroups(
[
X25519,
secp256r1,
secp384r1,
],
),
CertificateStatusRequest(
Ocsp(
OcspCertificateStatusRequest {
responder_ids: [],
extensions: ,
},
),
),
Protocols(
[
ProtocolName(
696d6170,
),
],
),
SessionTicket(
Request,
),
SignatureAlgorithms(
[
ECDSA_NISTP384_SHA384,
ECDSA_NISTP256_SHA256,
ED25519,
RSA_PSS_SHA512,
RSA_PSS_SHA384,
RSA_PSS_SHA256,
RSA_PKCS1_SHA512,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA256,
],
),
EcPointFormats(
[
Uncompressed,
],
),
],
},
),
},
},
}
2024-11-05T15:21:43.226560Z TRACE client::build: rustls::conn: Dropping CCS
2024-11-05T15:21:43.253327Z TRACE client::build: rustls::client::hs: We got ServerHello ServerHelloPayload {
extensions: [
SupportedVersions(
TLSv1_3,
),
KeyShare(
KeyShareEntry {
group: secp384r1,
payload: 04e4e9c53dfc83202dcffd679cbf88b468c9b4743d96b21fc64da18153f3a9202e6040dca510efa13527bdd0242c3674b7b858637484910f2ec19608b8f3610971e6f38ca511b17d29934c1d443fee4f3cc61a4efa9967dbe532bbbc0c82c69141,
},
),
],
legacy_version: TLSv1_2,
random: 5b33236e7196b56beff305c9243278f217996d1d40c42e500c2fdbf2a653e35a,
session_id: 7686b848821d0d500a67ccc707c0be58f4ae79a142fb6965ebc9e9051007cc3b,
cipher_suite: TLS13_AES_256_GCM_SHA384,
compression_method: Null,
}
I notice that your server drops the ClientHello message straight away (due to TLS 1.0?), whereas my server sends a HelloRetryRequest, which allows me to try TLS 1.2. I will investigate and let you know.
Does your server support STARTTLS? If so, could you try?
PS: you can now download a pre-built binary from the CI, which saves you from rebuilding the project. This only works if you use default cargo features!
This is the full error: ConnectTls(Custom { kind: InvalidData, error: AlertReceived(HandshakeFailure) }). I will open an issue with rustls and seek help.
To summarize: rustls is not compatible with your server. I tried many other crypto providers and none worked. One went a bit further but still failed later on. The last thing I could do is to try with OpenSSL, but I need to refactor too many things first. Let's keep this issue open till I am finally capable of testing with OpenSSL.
Ok... Sad news.
Just two comments:
- If I use start-tls in the config file, himalaya seems to enter a loop of something. Running himalaya --trace I get:
2024-11-06T00:20:50.677849Z INFO himalaya::email::envelope::command::list: executing list envelopes command
2024-11-06T00:20:50.679704Z DEBUG email::imap: building 1 IMAP clients
And nothing else happens. It looks like it is trying to build the IMAP client forever.
- The server is supposed to be compatible with TLS 1.2.
- Some time ago I tried meli-email, and I was able to configure it and access my mail. I don't know if meli uses rustls.
Thanks for checking this out!
> - if I use start-tls in the config file, himalaya seems to enter a loop of something.

It basically means that the server does not support STARTTLS either. The infinite loop is strange, though; I will check whether there is an issue with the retry algorithm.

> The server is supposed to be compatible with TLS 1.2

After investigation from Rustls, it's not a TLS version issue but more a ciphersuites one. Your server seems to only support an old, insecure algorithm (DHE) that is purposefully not handled by Rustls.

> Some time ago I tried meli-email, and I was able to configure it and access my mail. I don't know if meli uses rustls.

If I am not mistaken, meli only supports native-tls.
Good news: it confirms the fact that Himalaya would work with native-tls.
Bad news: we are still far from supporting it, yet it's the top priority. Here is a mini-roadmap of what is missing:
- I am currently working on a compat layer for TcpStream and TlsStream. I am still prototyping it, so it may change. The idea behind it is to use a common enum TcpStream or TlsStream supporting different backends, including Rustls and OpenSSL (via Native TLS).
- The low-level crate imap-next used for IMAP only supports Rustls at the moment. It needs to integrate a compatibility layer (like the one I am working on).
- The high-level crate imap-client also supports Rustls only.
- The high-level email-lib also supports Rustls only (it just requires some cargo feature forwarding tho)
- Finally, Himalaya CLI also supports Rustls only (it just requires some cargo feature forwarding tho)
Stay tuned! I will update this issue every time a new step is done.
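The cipher-suite diagnosis in the comment above can be checked against the trace itself. The Rust sketch below is an added example, not code from Himalaya, rustls or anyone in this thread: it decodes the `encoded:` field of the first logged ClientHello and shows that it shares no suite with a DHE-only server. `DHE_ONLY_SERVER` is a constructed assumption (the thread does not list the server's suites), and all function names are illustrative.

```rust
// Added example (not from the thread): which key exchanges does the logged ClientHello offer?

/// `encoded:` field of the first ClientHello in the trace, split at field boundaries.
pub const CLIENT_HELLO: &str = concat!(
    "010000e80303", // handshake type, 24-bit length, legacy version
    "639db4cd48a035d1e82c1a53ad85b51ea8ec7789d17b7597a39103854351048a", // random
    "2001b5a9cf992dfef65d7c77ce42eef18592df3bb2bec8cc6fd871a3a804c0ecdb", // session id
    "0014130213011303c02cc02bcca9c030c02fcca800ff", // cipher suites
    "0100",                                         // compression methods
    "008b002b00050403040303000b00020100000a00080006001d00170018", // extensions
    "000d0014001205030403080708060805080406010501040100170000",
    "00050005010000000000000013001100000e696d61702e646d2e7562612e6172",
    "003300260024001d00205a70551802d80831a70bd97839d9c19016c99e84dcfcc06abd8351945efaec59",
    "002d0002010100230000",
);

/// Constructed assumption: a server that accepts only finite-field DHE suites.
pub const DHE_ONLY_SERVER: [u16; 4] = [0x009f, 0x009e, 0x0039, 0x0033];

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Kx { Tls13, Ecdhe, Dhe, StaticRsa, Signalling, Other }

/// Key-exchange family of an IANA cipher-suite code point (small table, not exhaustive).
pub fn classify(id: u16) -> Kx {
    match id {
        0x1301..=0x1305 => Kx::Tls13,
        0xc02b | 0xc02c | 0xc02f | 0xc030 | 0xcca8 | 0xcca9 => Kx::Ecdhe,
        0x0033 | 0x0039 | 0x0067 | 0x006b | 0x009e | 0x009f | 0xccaa => Kx::Dhe,
        0x002f | 0x0035 | 0x003c | 0x003d | 0x009c | 0x009d => Kx::StaticRsa,
        0x00ff | 0x5600 => Kx::Signalling,
        _ => Kx::Other,
    }
}

fn decode_hex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(s.get(i..i + 2)?, 16).ok()).collect()
}

/// Cipher-suite code points from a hex-encoded ClientHello handshake message.
/// Returns None for anything malformed or truncated.
pub fn offered_suites(encoded_hex: &str) -> Option<Vec<u16>> {
    let msg = decode_hex(encoded_hex)?;
    if msg.len() < 4 || msg[0] != 0x01 { return None; } // 0x01 = ClientHello
    let body = &msg[4..];
    if body.len() != u32::from_be_bytes([0, msg[1], msg[2], msg[3]]) as usize { return None; }
    // Skip legacy_version (2) and random (32); the session id is length-prefixed.
    let mut pos = 35 + *body.get(34)? as usize;
    let len = u16::from_be_bytes([*body.get(pos)?, *body.get(pos + 1)?]) as usize;
    pos += 2;
    if len % 2 != 0 { return None; }
    let list = body.get(pos..pos + len)?;
    Some(list.chunks_exact(2).map(|c| u16::from_be_bytes([c[0], c[1]])).collect())
}

/// Suites both sides support, in server preference order. Empty means the server
/// has nothing to select and answers with a fatal handshake_failure alert.
pub fn negotiable(client: &[u16], server: &[u16]) -> Vec<u16> {
    server.iter().copied().filter(|s| client.contains(s)).collect()
}

fn main() {
    let suites = offered_suites(CLIENT_HELLO).expect("well-formed ClientHello");
    for s in &suites {
        println!("0x{:04x} {:?}", s, classify(*s));
    }
    println!("shared with DHE-only server: {:?}", negotiable(&suites, &DHE_ONLY_SERVER));
}
```

Pasting the `encoded:` value from any other trace into `offered_suites` gives the same check for a different client build or TLS provider.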
FYI, I changed the scope of this issue. It now stands for cargo features unification and support for different TLS providers (which would solve your initial issue).
Supporting other TLS providers is a bit more challenging than expected (regarding the actual state of the code). I was able to prepare the code for such a feature, but it will come to the CLI in another minor or patch version, after the v1.0.0.