AquaMail Forum
English - Android => Bug reports => Topic started by: 0brad0 on August 01, 2014, 03:25:37 am
-
Trying to connect via POP3/IMAP/SMTP I noticed AquaMail fails to connect to a server utilizing TLSv1.2.
-
Need to know a little bit more. Which email provider? Is TLS supported from the server side? Did the server has special ports for TLS?
-
Need to know a little bit more. Which email provider? Is TLS supported from the server side? Did the server has special ports for TLS?
The e-mail provider is irrelevant; the problem would be the same no matter what. I wouldn't be asking about TLSv1.2 support if it did not support TLS. The port is irrelevant as it could be on 143, 10000 or 50000 or some other random port and it would be the same issue. Other e-mail clients such as modern Thunderbird (31), mutt and other clients using modern OpenSSL, GnuTLS, NSS or some other TLS stack supporting TLSv1.2 work fine; AquaMail at the moment does not.
-
You'll want to enable "SSL hardening" in Aqua's network settings. Disabled by default.
Then it'll go like this:
// Order taken from OpenSSL 1.0.1c
private static final String[] ORDERED_KNOWN_CIPHERS = {
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
};
and like this
private static final String[] BLACKLISTED_CIPHERS = {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
};
and like this
private static final String[] ORDERED_KNOWN_PROTOCOLS = {
"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"
};
I *think * it says "TLSv1.2".
-
You'll want to enable "SSL hardening" in Aqua's network settings. Disabled by default.
If what you posted is correct then in theory it should work, but after enabling that setting I am still not able to establish a connection to a server only allowing for TLSv1.2.
-
Well, I posted the code here:
https://gist.github.com/kmansoft/f4de66b422de7e93655d
I don't happen to have a mail server configured with TLS1.2 only.
If you can create a test account for me, I can take a look. I'd need IMAP or POP3 access too (so I can add the account into Aqua).
My email is kmansoft / gmail
-
PS:
First:
Feel free to compare Aqua's code to that in K9 Mail:
https://github.com/k9mail/k-9/blob/master/src/com/fsck/k9/net/ssl/TrustedSocketFactory.java
Yes, I copied some code from there. Almost all of it.
Second:
I was able to reconfigure my postfix server with TLSv1.2, and tried Aqua with SSL hardening enabled (so I don't need a test account anymore).
You're right, the code ended up using TLSv1.
And the reason is: socket.getEnabledProtocols in the code above returned [SSLv3, TLSv1].
The actual socket class is OpenSSLSocketImplWrapper.
I have no idea why it does not include TLSv1.1 and TLSv1.2.
I tested this on three devices -- HTC One Max with 4.4.2, Nexus 5 with 4.4.4, and a Samsung S4 Mini with 4.2.2 -- and it's the same on all of them. TLSv1.1 and TLSv1.2 are not listed as supported.
This Android code looks interesting, it says "No TLSv1.1 or TLSv1.2 support on SSLEngine based provider". But *the* provider in Android 4.1+ is OpenSSL, as far as I know (they switched from Bouncy Castle used in earlier versions).
https://android.googlesource.com/platform/libcore/+/cf6b19bbe9eba2ec41eeb3f0f1c2da1ad5e6800e/support/src/test/java/libcore/java/security/StandardNames.java#550
Since you seem to be quite knowledgeable about computer security stuff, maybe you can shed some light on this?
-
I did a bit more testing, with K9 Mail this time.
When connecting with K9 Mail, this is what I get in /var/log/mail.log (smtpd_tls_loglevel=1 in postfix's main.cf):
Aug 3 02:13:43 li463-125 postfix/submission/smtpd[4581]: Anonymous TLS connection established from [snip]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
With AquaMail, I get this:
Aug 3 02:15:45 li463-125 postfix/submission/smtpd[4632]: Anonymous TLS connection established from [snip]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
So it's consistent, and for both apps, caused by Android system code saying it only supports SSLv3, TLSv1.
Sanity check:
% openssl s_client -crlf -starttls smtp -connect localhost:587
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
in /var/log/mail.log:
Aug 3 02:17:43 li463-125 postfix/submission/smtpd[4745]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
----------
Feel free to file a bug at:
http://b.android.com
As for me (and AquaMail), I'm done here.
-----------
PS - stock Android Email, Nexus 5 with latest Android 4.4.4:
Aug 3 02:27:13 li463-125 postfix/submission/smtpd[5233]: Anonymous TLS connection established from [snip]: TLSv1 with cipher RC4-MD5 (128/128 bits)
RC4-MD5 ?
RC4-MD5 ?????
-
And the reason is: socket.getEnabledProtocols in the code above returned [SSLv3, TLSv1].
The actual socket class is OpenSSLSocketImplWrapper.
I have no idea why it does not include TLSv1.1 and TLSv1.2.
I tested this on three devices -- HTC One Max with 4.4.2, Nexus 5 with 4.4.4, and a Samsung S4 Mini with 4.2.2 -- and it's the same on all of them. TLSv1.1 and TLSv1.2 are not listed as supported.
This Android code looks interesting, it says "No TLSv1.1 or TLSv1.2 support on SSLEngine based provider". But *the* provider in Android 4.1+ is OpenSSL, as far as I know (they switched from Bouncy Castle used in earlier versions).
https://android.googlesource.com/platform/libcore/+/cf6b19bbe9eba2ec41eeb3f0f1c2da1ad5e6800e/support/src/test/java/libcore/java/security/StandardNames.java#550
Since you seem to be quite knowledgeable about computer security stuff, maybe you can shed some light on this?
Yes, I have two tablets and one of them is running 4.4 and was surprised about not being able to use TLSv1.2.
Looking around I came across this...
http://code.google.com/p/android/issues/detail?id=61085
"* These changes should appear in the next major platform release (so, not 4.4.x), the one offering API Level 20."
But not being familiar with the Android SDK I still don't get why TLS v1.1 / v1.2 support cannot be enabled as it looks like the K9 / AquaMail code is trying to do even if it is not enabled by *default*.
Google appears to be using OpenSSL almost everywhere from ChromeOS, Chrome on Android (although that might include other OS's in the future) and relatively modern Android.
-
>>> I still don't get why TLS v1.1 / v1.2 support cannot be enabled
Because it it's not listed as a supported protocol.
You can't enable something that's not there (or maybe looks like it's not there).
>>> These changes should appear in the next major platform release
I can confirm that Android Preview L (I've used the emulator) has TLSv1.1 and TLSv1.2 support and it works with Aqua.
Aug 3 11:01:35 li463-125 postfix/submission/smtpd[21143]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
-
>>> These changes should appear in the next major platform release
I can confirm that Android Preview L (I've used the emulator) has TLSv1.1 and TLSv1.2 support and it works with Aqua.
Aug 3 11:01:35 li463-125 postfix/submission/smtpd[21143]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Wow, that is pathetic and yet not surprising for Android. Same old crap from Google.
-
I see you filed a report in the Android bug tracker. I just added a comment to clarify things a bit more.
https://code.google.com/p/android/issues/detail?id=74408
-
Kostya, you know what needs to be changed to support tls 1.1 and 1.2? If the function you pointed to where tls 1.1 and 1.2 are enumerated as not supported, just returns nothing should that solve the problem?
I maintain 3 devices for OmniROM so it is no problem to make a build that incudes a patch to enable tls 1.1/1.2
Verstuurd vanaf mijn Xperia T met Tapatalk
-
@scanno -- so I typed a long response full of technical info, and then checked the code again...
...and then I finally saw it.
My bug. Very obvious now that I've actually noticed it.
Fixed.
TLSv1.2 now works great on an HTC One Max with 4.4.2 -- I assume it's also going to work on any other 4.4 device (and supposedly on Android 4.1 and higher).
Aug 3 21:05:55 li463-125 postfix/smtps/smtpd[11171]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
One caveat:
It only works with "STARTTLS (strict)" and "SSL (strict)".
The "STARTTLS (accept any)" and "SSL (accept any)" variations use TLSv1 even when my code asks for TLSv1.2.
@0brad0
So there you have it. Just wait for the next -beta build of AquaMail.
Thanks for bringing it up.
-
One caveat:
It only works with "STARTTLS (strict)" and "SSL (strict)".
The "STARTTLS (accept any)" and "SSL (accept any)" variations use TLSv1 even when my code asks for TLSv1.2.
@0brad0
So there you have it. Just wait for the next -beta build of AquaMail.
Thanks for bringing it up.
Can you please explain why that is that it only works with strict mode? Frustrating since I am using self signed certs and this wouldn't help me.
Well either way it is still a step forward and a bug fixed ;)
Do you ever interact with the author of K9? If so can you please pass this issue on to the author.
-
>> why that is that it only works with strict mode
Android has several different ways to create SSL sockets. They all report TLSv1.2 as supported, but -- from Postfix logs -- not all of them actually use it.
This is with Android 4.4.
With Android L preview (future 5.0?) it was working already, but I'm also not sure about the strict vs. accept all thing.
If you're security minded, why a self-signed certificate?
>> Do you ever interact with the author of K9
I don't know any of the 100+ people working on K9 (except maybe without my knowing).
-
One caveat:
It only works with "STARTTLS (strict)" and "SSL (strict)".
The "STARTTLS (accept any)" and "SSL (accept any)" variations use TLSv1 even when my code asks for TLSv1.2.
@0brad0
So there you have it. Just wait for the next -beta build of AquaMail.
Thanks for bringing it up.
Can you please explain why that is that it only works with strict mode? Frustrating since I am using self signed certs and this wouldn't help me.
Well either way it is still a step forward and a bug fixed ;)
Do you ever interact with the author of K9? If so can you please pass this issue on to the author.
For home use, check https://www.startssl.com for free server certificates. I am using this and works fine. The root certificate is in the Android Trust Base.
I was using cacert.org certificates but their root and intermediate certificates are not included in Android.
Verstuurd vanaf mijn TF300T met Tapatalk
-
For home use, check https://www.startssl.com for free server certificates. I am using this and works fine. The root certificate is in the Android Trust Base.
I was using cacert.org certificates but their root and intermediate certificates are not included in Android.
Thanks for pointing that out. I just came across StartSSL earlier while looking around. I'm looking at generating a cert for my use. Yes I have heard of CAcert but there are issues with using their certs even outside of Android.
-
I did more testing today.
It's a bit of a hassle, having to reconfigure some server side stuff, but turned out to be worth it.
Using a Nexus 5 with Android 4.4.4, I was seeing TLSv1.2 in postfix logs, for all four encryption types:
SSL strict:
Aug 4 14:45:45 li463-125 postfix/smtps/smtpd[17656]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
SSL accept any:
Aug 4 14:46:37 li463-125 postfix/smtps/smtpd[17656]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
STARTTLS strict:
Aug 4 14:47:24 li463-125 postfix/submission/smtpd[17705]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
STARTTLS accept any:
Aug 4 14:48:09 li463-125 postfix/submission/smtpd[17705]: Anonymous TLS connection established from [snip]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
So, since the proof is in the pudding, here is a new build:
http://www.aqua-mail.com/download/AquaMail-market-1.4.1-56-beta6.5.apk
Please try it and give me your feedback.
-
Still getting SSLv1:
Aug 4 16:59:26 micro postfix/smtpd[24874]: Anonymous TLS connection established from <cut>: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Verstuurd vanaf mijn Nexus 10 met Tapatalk
-
@scanno - don't happen to own a Nexus 10.
Try Aqua's debug logging (logcat probably easier, I assume you have "adb").
The preferred ciphers / protocols are computed once and cached, so you'll need to reboot the device or kill and restart Aqua.
You should see something like this, like I do on my HTC One Max
08-04 19:08:05.457 I/SSLHardening(16482): Hardening reorder: [SSLv3, TLSv1, TLSv1.1, TLSv1.2], [TLSv1.2, TLSv1.1, TLSv1, SSLv3], null -> [TLSv1.2, TLSv1.1, TLSv1, SSLv3]
This means that SSLSocket.getSupportedProtocols returned: [SSLv3, TLSv1, TLSv1.1, TLSv1.2] (unordered)
Aqua's preferred protocols are: [TLSv1.2, TLSv1.1, TLSv1, SSLv3] (ordered)
Computed from above for use: [TLSv1.2, TLSv1.1, TLSv1, SSLv3] (ordered)
-
Yes that is correct, i get
I/SSLHardening( 2691): Hardening reorder: [SSLv3, TLSv1, TLSv1.1, TLSv1.2], [TLSv1.2, TLSv1.1, TLSv1, SSLv3], null -> [TLSv1.2, TLSv1.1, TLSv1, SSLv3]
Perhaps my postfix config is not correct
Verstuurd vanaf mijn Nexus 10 met Tapatalk
-
FWIW - I was testing with postfix as well.
Debian 7.6, postfix 2.9.6-2, openssl 1.0.1e-2+deb7u11.
-
@Kostya
Sorry for the confusion. I am a bit stupid....
For my personal needs i am using a dedicated SSL port (so no need for STARTTLS). SSLv3 == TLS v1
When i am starting a TLS session on the standard smtp port with STARTTLS, i get a TLS 1.2 session:
Aug 4 17:49:28 micro postfix/smtpd[26396]: Anonymous TLS connection established from [cut] TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
[EDIT]
I have specified a smtps group in my master.cf with smtpd_tls_wrappermode=yes .
I have not figured out yet if this means it is using SSLv3 or just assuming that a secure session should be set up without the need to use STARTTLS, but using TLS v1.2 if available
[EDIT 2]
Hmmm think that it should support TLS v1.2 also when using smtpd_tls_wrappermode=yes.
-
smtpd_tls_wrappermode=yes means negotiate encryption upon connect, without waiting for a protocol-specific STARTTLS command.
This is ports 993 (IMAP), 995 (POP3) and 465 (SMTP) -- of course we're talking about postfix here, so it's SMTP, but the principle applies.
This corresponds to "SSL" in AquaMail (as opposed to STARTTLS). I have tested this case and was getting TLSv1.2 in postfix's logs.
-
I know it should not matter. Perhaps the postfix session cache is messing my tests up a bit.
-
@scanno -- that sounds like a very good guess!
Would also explain why I was getting "TLSv1" in some of my tests yesterday, and TLSv1.2 in all of them, today.
-
Yeah, it's the session cache alright -- but on Aqua's side.
Maybe postfix's cache needs to be flushed too, but on your Android device, delete all files inside /data/data/org.kman.AquaMail/app_sslcache.
After doing this, I'm getting "TLSv1.2, cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA" with Fastmail and Yandex.
Gmail's IMAP is still "TLSv1, cipher TLS_ECDHE_RSA_WITH_RC4_128_SHA", but SMTP is "TLSv1.2, cipher TLS_ECDHE_RSA_WITH_RC4_128_SHA"
PS - going to add some code to delete those files when "SSL hardening" is changed.
-
Done.
http://www.aqua-mail.com/download/AquaMail-market-1.4.1-56-beta6.6.apk
You'll need to toggle "SSL hardening" off and back on (to clear those caches), and reboot the phone or kill Aqua's process.
With this, I'm seeing TLSv1.2 for Gmail's IMAP too.
-
@Kostya
confirmed working.
Verstuurd vanaf mijn Nexus 10 met Tapatalk
-
Eeexceleeent! :)
-
Done.
http://www.aqua-mail.com/download/AquaMail-market-1.4.1-56-beta6.6.apk
You'll need to toggle "SSL hardening" off and back on (to clear those caches), and reboot the phone or kill Aqua's process.
With this, I'm seeing TLSv1.2 for Gmail's IMAP too.
With two 4.4 devices I am now seeing working TLSv1.2 support. Thank you.
-
Great. Thanks.
-
Great. Thanks.
Could you consider moving the enabling of TLS v1.1 / v1.2 out from under SSL hardening which IMO should be for enabling the higher grade ciphers although even that is debatable and enabling said protocols by default? As in installing AquaMail by default without toggling the SSL hardening option should allow for the client to utilize TLS v1.1 / v1.2 by default.
-
No. I'm not clear on performance and compatibility implications.
And this can cause more pain than good.
You're a very technically sophisticated user, and it's great, but not everyone is like that.