EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 23 Aug 2019, 01:51 AM   #1
ao1
Essential Contributor
 
Join Date: Oct 2003
Posts: 317
Question SSL negotiation failing

I have been using an old version of AquaMail on Android and today it started failing to connect to Fastmail servers. Nothing changed on my end. Did Fastmail change anything on their end?

I have opened a ticket but going by past experience, it will take at least a week, possibly two, to go through 1st-level support.

Here's an excerpt from the app debug log for reference:

Code:
Connecting to [mail.messagingengine.com:465, sslStrict, login = 0, pass present = true]
Using strict SSL/STARTTLS factory
Resolving address for mail.messagingengine.com
IPv4: mail.messagingengine.com/66.111.4.51
IPv4: mail.messagingengine.com/66.111.4.52
Trying: mail.messagingengine.com/66.111.4.51:465
Setting SSL ciphers: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_PSK_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_FALLBACK_SCSV]
Setting SSL protocols: [TLSv1.2, TLSv1.1, TLSv1]
***** ERROR: Unable to connect to [mail.messagingengine.com:465, sslStrict, login = 0, pass present = true]
javax.net.ssl.SSLHandshakeException: Handshake failed
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x9e6846c0: Failure in SSL library, usually a protocol error
error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0x9ca76480:0x00000001)
ao1 is offline   Reply With Quote

Old 24 Aug 2019, 12:12 AM   #2
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,791
It is far better to use imap.fastmail.com and smtp.fastmail.com rather than the legacy mail.messagingengine.com. Also, verify that you are using an App password, not your main account password.
BritTim is offline   Reply With Quote
Old 24 Aug 2019, 08:38 AM   #3
ao1
Essential Contributor
 
Join Date: Oct 2003
Posts: 317
Quote:
Originally Posted by BritTim View Post
It is far better to use imap.fastmail.com and smtp.fastmail.com rather than the legacy mail.messagingengine.com. Also, verify that you are using an App password, not your main account password.
The SSL negotiation happens before transferring the password.

Got a reply to my ticket. Based on the response ("yes we changed something") I assume that they require TLS 1.3 now or something similar that my old version of Aquamail does not support. Upgrading is not an option, the new owners made the free app horrific and there were some shenanigans with the paid one.

I'll probably look into K-9 or FairEmail.
ao1 is offline   Reply With Quote
Old 24 Aug 2019, 08:39 AM   #4
ao1
Essential Contributor
 
Join Date: Oct 2003
Posts: 317
And it works again now!

Probably too many people complained.
ao1 is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:44 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy