Author Topic: Resolution of SSL login error on Roadrunner??  (Read 6115 times)

magus21

  • Newbie
  • *
  • Posts: 8
Resolution of SSL login error on Roadrunner??
« on: December 13, 2015, 11:15:59 pm »
Having tried the posted work around and having it fail for myself I wondered if anyone had any information as to when this issue would be resolved and by what means. The roadrunner technical support people try to lay it at the feet of the aquamail developers saying that they did not update their certificates in a timely fashion. Was just wondering if we would get an update to the program or if something would simply happen behind the scenes to facilitate the resolution of this problem I imagine many of us are in a real pickle because of this I know that much of my business dealings depends on this program and I simply can't check email. Any information or input from any of the forum members or the  developers would be greatly appreciated.

mikeone

  • Hero Member
  • *****
  • Posts: 2746
Re: Resolution of SSL login error on Roadrunner??
« Reply #1 on: December 13, 2015, 11:24:08 pm »
What does the "login error message" exactly say?

Please see also the FAQ (search for SSL):

http://www.aqua-mail.com/?page_id=227
« Last Edit: December 13, 2015, 11:44:04 pm by mikeone »

mikeone

  • Hero Member
  • *****
  • Posts: 2746
Re: Resolution of SSL login error on Roadrunner??
« Reply #2 on: December 13, 2015, 11:32:34 pm »
And some more information (from AquaMail's Privacy policy):

http://www.aqua-mail.com/?page_id=1878

SSL certificate tracking

There is a type of security risk, not specific to AquaMail, but rather something that can affect any application that talks to a remote server, over the network, using encryption.

Called “man in the middle attack”, it’s when something is made to look like that remote server (mail server) even when it’s not – intercepting network traffic – and then it’s possible to decrypt that traffic and see what’s being transmitted (your password, for example).

AquaMail has a way to deal with this.

If you enable settings -> network -> SSL tracking, then AquaMail will examine each server’s “SSL certificate” (fingerprint) when it connects, save it, and then watch for changes on subsequent connects.

If a server’s certificate is found to be different from last time, it might mean that something’s pretending to be Gmail’s (or Yahoo’s or Hotmail’s…) mail server, when it’s really not.

In this case, AquaMail will stop right then, before transmitting your account’s password to a potentially malicious third party. There will then be an error message about it below the account (in the account list). Tap the error to examine the last known and the current certificates, and decide if you’re going to accept the change.

Now, some mail services (for example, Gmail, Office 365) change their encryption certificates quite often, and this will trigger the error, even though there is nothing bad going on.

It’s up to you (the user) to decide if a particular change in SSL certificates detected by AquaMail is valid, or possibly malicious, and if you want AquaMail to accept the new certificate and proceed.
« Last Edit: December 13, 2015, 11:38:19 pm by mikeone »

magus21

  • Newbie
  • *
  • Posts: 8
Re: Resolution of SSL login error on Roadrunner??
« Reply #3 on: December 15, 2015, 01:05:20 am »
Thanks for the input I was aware  off and had read that information however the crux of the problem lies between the developers at aquamail and the folks at Roadrunner reaching some sort of agreement and compromise. as of now they have aquamail pretty much locked out of the server until the issue is resolved I had  found a workaround of my own but they apparently modified something because even that no longer works so I guess if this doesn't change very quickly I'll be on to a new email program because  I have to have a way to conduct business would still appreciate any info or input from the developers or other forum members thank you all so much time

StR

  • Hero Member
  • *****
  • Posts: 1558
Re: Resolution of SSL login error on Roadrunner??
« Reply #4 on: December 15, 2015, 01:39:06 am »
It might help if you would actually post what type of error is displayed (text, or a screenshot).


mikeone

  • Hero Member
  • *****
  • Posts: 2746
Re: Resolution of SSL login error on Roadrunner??
« Reply #5 on: December 15, 2015, 10:06:24 am »
Thanks for the input I was aware  off and had read that information however the crux of the problem lies between the developers at aquamail and the folks at Roadrunner reaching some sort of agreement and compromise. as of now they have aquamail pretty much locked out of the server until the issue is resolved I had  found a workaround of my own but they apparently modified something because even that no longer works so I guess if this doesn't change very quickly I'll be on to a new email program because  I have to have a way to conduct business would still appreciate any info or input from the developers or other forum members thank you all so much time
@magus21:
I'm not sure why you are not able to provide the developer with the requested input from your side (exactly type of error message), but expecting "... input from the developers or other forum members..."

Another point:
AquaMail's in-app link (very first entry in > Settings > "Help/FAQs/Forum") leads to the FAQ section with a "Breaking News headline" which offers a link straight to a post from AquaMail's developer Kostya at Google+ (dated on 11th December 2015):

https://plus.google.com/+KostyaVasilyev/posts/La56yyFkhyK

Interesting, isn't it?


In summary:
There already exists a lot of input provided by the developer in general (FAQ > search for "SSL" > unfortunately not helpful for the "Roadrunner SSL Certificate issue") and in particular - regarding your issue with Roadrunner's IMAP server configuration - (Breaking News headline) with specifically assistance for affected users.
« Last Edit: December 15, 2015, 10:14:44 am by mikeone »

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12742
Re: Resolution of SSL login error on Roadrunner??
« Reply #6 on: December 15, 2015, 10:54:23 pm »
"the crux of the problem lies between the developers at aquamail and the folks at Roadrunner reaching some sort of agreement and compromise"

Completely wrong.

TWC fucked up big time and they don't even realize it, so they're giving you the usual "first line support spin" -- "sir, we don't support this app, but please check your settings and try again".

There is nothing AquaMail specific about SSL encryption.

You can see same exact error in Gmail app (Gmail app, from Google, you know?) here when trying to use TWC settings *from TWC's help site*:

https://plus.google.com/+KostyaVasilyev/posts/La56yyFkhyK

The issue is also reproducible with "openssl" tool (a low level Linux app for testing encrypted network connectivity), not using any mail app at all.

---

Workaround:

Use "SSL (accept all)" rather than "SSL (strict)" in the account's incoming server settings.

If this is a new account, press Manual after entering your email / password and you'll see on the next screen.

If this is an existing account, long press it (the account) in the app's main window (account list) -> Account setup -> Manual.

---

As to when this certificate issue is going to be resolved:

I don't work for TWC and can't know this.
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

mikeone

  • Hero Member
  • *****
  • Posts: 2746
Re: Resolution of SSL login error on Roadrunner??
« Reply #7 on: December 18, 2015, 11:26:29 pm »
@magus21
You should have a look into this thread:

"Google will be moving to distrust Symantec's root certificates"
http://www.aqua-mail.com/forum/index.php?topic=4225.msg22909#msg22909

... and I recommend to try the newest stable version 1.6.0.4-2 of AquaMail:

"+ Workaround for TWC / RoadRunner (bad SSL cert)"

http://www.aqua-mail.com/forum/index.php?topic=4238.0

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12742
Re: Resolution of SSL login error on Roadrunner??
« Reply #8 on: December 19, 2015, 10:25:22 pm »
They forgot to include the issuer certificate (Symantec Class 3 Secure Server CA - G4) in their server config file (certificate bundle).

Funny, when I purchased an SSL cert (a basic Comodo cert), it came with instructions on how to create a proper "bundle" which includes the issuer certificate so the whole thing is properly linked up to the trusted root CA.

And right now, the server at mail.twc.com is simply down, I'm unable to get a connection at all.
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

mikeone

  • Hero Member
  • *****
  • Posts: 2746
Re: Resolution of SSL login error on Roadrunner??
« Reply #9 on: December 19, 2015, 10:32:41 pm »
... and funny again the statement from the "roadrunner support people" as mentioned by magus21 in his very first post:

Having tried the posted work around and having it fail for myself I wondered if anyone had any information as to when this issue would be resolved and by what means. The roadrunner technical support people try to lay it at the feet of the aquamail developers saying that they did not update their certificates in a timely fashion. Was just wondering if we would get an update to the program or if something would simply happen behind the scenes to facilitate the resolution of this problem I imagine many of us are in a real pickle because of this I know that much of my business dealings depends on this program and I simply can't check email. Any information or input from any of the forum members or the  developers would be greatly appreciated.
....  :) :)
« Last Edit: December 19, 2015, 10:34:22 pm by mikeone »

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12742
Re: Resolution of SSL login error on Roadrunner??
« Reply #10 on: December 19, 2015, 10:41:27 pm »
Quote
The roadrunner technical support people try to lay it at the feet of the aquamail developers saying that they did not update their certificates in a timely fashion

LOL. There is a reason they're called "server" certificates.

So RR support is not incompetent -- rather they will resort to outright lies and misinformation in their finger pointing game.

Wonder what they'll have to say about this same exact issue visible in Google's Gmail app.

In any case, I did implement a hack in the latest forum build -- for those not wanting to change the incoming server encryption setting in AquaMail (posted above, takes 30 seconds or less).


« Last Edit: December 19, 2015, 10:43:27 pm by Kostya Vasilyev, Aqua Mail »
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/