Poster | Thread |
Serpi
| |
YAM 2.9p1 SSL error Posted on 16-Apr-2015 10:30:14
| | [ #1 ] |
|
|
|
Cult Member |
Joined: 31-Jul-2003 Posts: 547
From: Germany | | |
|
| Hi all,
after upgrading YAM from (AFAIR 2.5) to 2.9p1 yesterday now I cannot fetch the mail from my freenet.de account.
Settings are identical to the old settings which worked just a few minutes earlier, but I get an error "cannot initiate SSL/TLS session" (or similar).
This is on OS4U6 (didn't install FE yet).
I've looked for an updated AmiSSL or OpenSSL but didn't find anything.
I have updated all components from the YAM updater.
Help!
Thanks & Ciao, Alfred |
|
Status: Offline |
|
|
Severin
| |
Re: YAM 2.9p1 SSL error Posted on 17-Apr-2015 7:20:09
| | [ #2 ] |
|
|
|
Elite Member |
Joined: 18-Aug-2003 Posts: 2740
From: Gloucestershire UK | | |
|
| @Serpi
SSL is out of date, there is no update available yet, you're bext chance is to use 'no security' until it's fixed.
Installing FE won't help either. _________________ OS4 Rocks X1000 beta tester, Sam440 Flex (733)
Visit the Official OS4 Support Site for more help.
It may be that your sole purpose is to serve as a warning to others. |
|
Status: Offline |
|
|
graff
| |
Re: YAM 2.9p1 SSL error Posted on 17-Apr-2015 10:30:19
| | [ #3 ] |
|
|
|
Member |
Joined: 4-Jul-2005 Posts: 54
From: Unknown | | |
|
| @Serpi I have the exact same problem with my email provider. What we found out was that the AmiSSL version is based on a too old SSL version which does not properly support the encryption strength used on the signatures of all new SSL certificates issued. So when a provider needs to update the expiry date of their SSL certificates they get a certificate with a signature not supported by AmiSSL.
YAM will get an error from AmiSSL and refuse to work with the SSL connection to your email provider.
The nightly build of YAM, however, has an extra feature where it displays an error dialog in which you can choose to use this unvalidated SSL certificate anyway - and that has enabled me to fetch emails again from my provider. So try to use the nightly build as see if that works around the problem for you too. _________________ Regards Thomas Graff Thøger |
|
Status: Offline |
|
|
Hypex
| |
Re: YAM 2.9p1 SSL error Posted on 17-Apr-2015 15:58:48
| | [ #4 ] |
|
|
|
Elite Member |
Joined: 6-May-2007 Posts: 11180
From: Greensborough, Australia | | |
|
| Okay guys, so why did it work before "yesterday " ? I don't understand how AmiSSL would suddenly go out of date after a YAM update that was working days before. At least that'a how it looks. |
|
Status: Offline |
|
|
Severin
| |
Re: YAM 2.9p1 SSL error Posted on 17-Apr-2015 16:15:34
| | [ #5 ] |
|
|
|
Elite Member |
Joined: 18-Aug-2003 Posts: 2740
From: Gloucestershire UK | | |
|
| @Hypex
Probably because the older yam did not support the encryption method that is now failing (SSLv3) and only supported SSLv2 which the provider might support as a fall back.
You could try setting AmiSSLCheck to N in the .config file in the email drawer. no idea if it will do anything though. _________________ OS4 Rocks X1000 beta tester, Sam440 Flex (733)
Visit the Official OS4 Support Site for more help.
It may be that your sole purpose is to serve as a warning to others. |
|
Status: Offline |
|
|
Serpi
| |
Re: YAM 2.9p1 SSL error Posted on 18-Apr-2015 12:20:00
| | [ #6 ] |
|
|
|
Cult Member |
Joined: 31-Jul-2003 Posts: 547
From: Germany | | |
|
| @Severin
OK, setting AmiSSLCheck in .config just did nothing, it was always set back to "Y" at start.
My provider also needs SSL no unencryted connection is possible.
Is there any way to tell AmiSSL not to use SSLv3 for an app or at all?
I've also seen settings in the config file that might help:
POP00.SSLCert = POP00.SSLCertFailures = 0
But i don't know what they are for.
And last but not least there's a file in resources/certificates with newer certificates in the YAM drawer, isn't this used?
For now I will try the nightly build...
Thanks & Ciao, Alfred |
|
Status: Offline |
|
|
Serpi
| |
Re: YAM 2.9p1 SSL error Posted on 18-Apr-2015 13:02:09
| | [ #7 ] |
|
|
|
Cult Member |
Joined: 31-Jul-2003 Posts: 547
From: Germany | | |
|
| OK, tried the nighty build, didn't work.
Then I tried dieffernet stable releases, the last version that worked was 2.7 which I'm using now.
There's also a setting that says it uses SSLv3 so that seems not to be the problem.
Ciao, Alfred
|
|
Status: Offline |
|
|
number6
| |
Re: YAM 2.9p1 SSL error Posted on 18-Apr-2015 13:39:17
| | [ #8 ] |
|
|
|
Elite Member |
Joined: 25-Mar-2005 Posts: 11540
From: In the village | | |
|
| @Serpi
Quote:
Then I tried dieffernet stable releases, the last version that worked was 2.7 which I'm using now. |
Just a note so we can compare results.
V2.8 still working for me.
#6
_________________ This posting, in its entirety, represents solely the perspective of the author. *Secrecy has served us so well* |
|
Status: Offline |
|
|
Serpi
| |
Re: YAM 2.9p1 SSL error Posted on 19-Apr-2015 11:45:12
| | [ #9 ] |
|
|
|
Cult Member |
Joined: 31-Jul-2003 Posts: 547
From: Germany | | |
|
| @number6
Quote:
Just a note so we can compare results.
V2.8 still working for me.
#6
|
Just tried V2.8 (again, I think) and got the error: "Couldn't initialize TLSv1/SSLv3 session with host 'mx.freenet.de' of account ..."
I don't get the error with 2.7 or earlier but with every version from 2.8.
Thanks & Ciao, Alfred |
|
Status: Offline |
|
|
number6
| |
Re: YAM 2.9p1 SSL error Posted on 19-Apr-2015 12:00:49
| | [ #10 ] |
|
|
|
Elite Member |
Joined: 25-Mar-2005 Posts: 11540
From: In the village | | |
|
| @Serpi
If you want to compare any settings in config, just ask.
In this case I am (see profile) using AmigaOS4.0 final, with YAM V2.8, in case that offers a clue as to the performance difference.
#6
_________________ This posting, in its entirety, represents solely the perspective of the author. *Secrecy has served us so well* |
|
Status: Offline |
|
|
number6
| |
Re: YAM 2.9p1 SSL error Posted on 19-Apr-2015 18:52:36
| | [ #11 ] |
|
|
|
Elite Member |
Joined: 25-Mar-2005 Posts: 11540
From: In the village | | |
|
| @Serpi
Off-topic.
I'm still telling people about jpegoptim btw. I still don't think people realize that it's "the key" to getting all the older programs that do not use datatypes to load all the newer .jpg formats, without having to rewrite the programs or the loader modules as in the case of AdPro etc.
#6
Last edited by number6 on 19-Apr-2015 at 07:10 PM.
_________________ This posting, in its entirety, represents solely the perspective of the author. *Secrecy has served us so well* |
|
Status: Offline |
|
|