Evolution IMAP+: no common encryption algorithm(s)

18 replies [Last post]
gnitponsil
Offline
Joined: 04/16/2016

I want to try the standard Trisquel mail program Evolution. I've set up two different IMAP accounts successfully, but Evolution report it can't access the servers. Translated from Swedish:
Failed to open the folder. The reported error was "Could not connect to (imapserver:993): Cannot communicate securely with peer: no common encryption algorithm(s).
Latest version of Evolution seems to be 3.18. I have 3.10.4, and Program updater reports all programs are updated.
How do I fix this? I'm not experienced in gnu linux, but want to stay with free software.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Has you e-mail provider any documentation on how to configure a client? Try another encryption method when receiving mail, by accessing the related tab when "modifying" the account from the "Preferences" of Evolution.

gnitponsil
Offline
Joined: 04/16/2016

I can't find anything special with the IMAP settings. It's one yahoo mail and one Apple (me.com) mail. Both wants SSL, but then Evolution cannot connect. When I try STARTLS the server responses. But that doesn't feel right.
I wonder if perhaps the old version of Evolution I have is affected by the Poodle bug?
https://bugs.launchpad.net/ubuntu/+source/evolution-data-server/+bug/1382133

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

STARTLS uses SSL or TLS, which is better. Your mails will go through an encrypted channel with it.

gnitponsil
Offline
Joined: 04/16/2016

More strange errors when testing Icedove och Icecat, but perhaps related to my original Evolution problem (Poodle/SSLv3)?

I installed Icedove from the Synaptic Package Handler, but could not get IMAP to work there either.

I then installed Icecat, and tried to login to Apples Webmail for my mail adress, icloud.com, but was not allowed:

"An error occurred during a connection to www.icloud.com. Peer attempted old style (potentially vulnerable) handshake. (Error code: ssl_error_unsafe_negotiation)."

Abrowser has no problem logging in to icloud.com. Could Evolution, Icedove and Icecat use the same security handler, that sees these things as dangerous and refuses to connect?

gnitponsil
Offline
Joined: 04/16/2016

Ok, a little progress at last, regarding Icedove.
There seems to be some kind of problem with the create account wizard. If I write name, mail adress AND password on the first page in the wizard, Icedove (and Thunderbird) will give me a Username/Password error. It didn't help to enter the correct combination again in the manual settings (believe me, I tried many times).
The IMAP configuration that was fetched automatically was correct from the start, no changes helped (STARTLS, encrypted password etc).
I erased my accounts and started again, this time without entering a password in the wizard. After the wizard finished, I entered the account (and maybe clicked Send/Receive). Icedove asked for my password, which I saved, and suddenly my IMAP account was working without problems.

Is this finding something I should report somewhere?

gnitponsil
Offline
Joined: 04/16/2016

No progress regarding Evolution though. Evolution still refuses to connect to the IMAP server - username/password is never in play.
I wonder if upgrading Evolution to a later version than in the Trisquel repository would help. How do I do that? Is that safe to do?

alucardx
Offline
Joined: 02/29/2012

I use evolution with IMAP and starttls with all of my services. From what you are describing it sounds more like a server configuration issue.

gnitponsil
Offline
Joined: 04/16/2016

Could you please try to set up a fake mail address to any of the servers I use, and see if it works for you? (The error I get is before the address is validated, since Evolution can't connect to the server.) For example:

name at domain
(imap.mail.me.com, SSL, port 993, send.imap.me.com, SSL, port 587, authentication fake_test_160428)

name at domain
(imap.mail.yahoo.com, SSL, port 993, send.imap.yahoo.com, SSL, port 465/587, authentication fake_test_160428)

I get the error: Cannot communicate securely with peer: no common encryption algorithm(s).

loldier
Offline
Joined: 02/17/2016

Your Evolution uses older protocol SSLv3 that is vulnerable and disabled by your service.

https://askubuntu.com/questions/538522/evolution-error-cannot-communicate-securely-with-peer-no-common-encryption-alg

gnitponsil
Offline
Joined: 04/16/2016

I suspected so. How do I upgrade my Evolution? Seems like 3.10 is the latest in the Trisquel repository, even though the Packet handler shows a bunch of related packages with a star for upgrade. Maybe upgrading will do the trick?
Is there a way to filter so I can see upgradable packets only?
Or should I install a later release of Evolution? How do I do that?

loldier
Offline
Joined: 02/17/2016

Evolution 3.10.4 is in the repos. You can find a PPA easily and install 3.13.2. I'm not sure it's needed as many in this thread use Trisquel and have no problem with Evolution. Does STARTTLS work?

Update, upgrade and dist-upgrade.

loldier
Offline
Joined: 02/17/2016

>Could you please try to set up a fake mail address to any of the servers I use, and see if it works for you? (The error I get is before the address is validated, since Evolution can't connect to the server.) For example:

fake_test_160428 [at] me [dot] com
(imap.mail.me.com, SSL, port 993, send.imap.me.com, SSL, port 587, authentication fake_test_160428)<

I tried that and Evolution 3.10.4 works. Evolution finds the required mail server settings automatically.

fake2.png fake.png fake3.png fake4.png fake5.png
gnitponsil
Offline
Joined: 04/16/2016

Thanks! Did you test to click (Authentication:) Test Supported Types? Or expand the created account after finishing the setup? That's where I get the error message (cannot connect to server/peer).

I don't get the Mail authentication request that you made two screen dumps of! I remember I got a question the first time I started Evolution about some sort of functionality that would save passwords for Evolution and other programs. I said No, and I again got the question, with some extra Are you really, really sure? I was not sure, but insisted on No. I probably should have clicked Yes.

Is it possible to reinstall Evolution totally, so I get this question again and can say Yes to the password functionality?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Reinstalling would not do anything. Removing ~/.config/evolution would, I guess. But can't you just delete the account from Edtition/Preferences and re-add it? And I still do not understand why you do not use STARTTLS since it works and is at least as secure.

gnitponsil
Offline
Joined: 04/16/2016

Sorry, I was unclear. When I tested incoming server using STARTTLS, I could see the name of my mail account in the main page, but no folders under it. I clicked the name to expand, and Evolution said: 'Scanning folders in 'IMAP server imap.mail.me.com' at the bottom. I saw Evolution prepared to show folders by starting a 'spinning' new row, but no folders emerged. I waited perhaps 10-15 seconds before deciding to abort. The main reason for aborting was that the provider instructions said SSL port 993, and I wanted to test that more. Also it was strange that the folders didn't show up immediately. I have only perhaps ten folders (including the standard ones) and probably less than 500 mails on the server.

This morning I stressed the test of STARTTLS, letting it scan for folders more than one hour. Nothing happened. I also tried to chose STARTTLS and change the port to 993, but when reentering the settings after a futile test, port was back on default 143.

I think imap.mail.me.com can't be used with STARTTLS. But smtp.mail.me.com uses STARTTLS, and I tested it today and it worked fine.

Icedove works fine using SSL port 993, but of course I would like to give Evolution a try, being part of the Trisquel package. But maybe I have to wait until Trisquel 8.

loldier
Offline
Joined: 02/17/2016

Settings are autodetected for this service. I checked for the supported types. I expanded the account folder in the interface and it prompts for a password. If you let it add the password to your keyring, you won't have to type in your password every time you start Evolution. You can delete your account and recreate it. It works with me and I'm at my wits end why it has issues with you.

--Receiving is 'SSL on a dedicated port'.

--Sending is 'STARTTSL after connecting'.

It gives errors if I change the automatically selected methods and check for supported types again. See the screenshots.

fake6.png fake7.png fake8.png
gnitponsil
Offline
Joined: 04/16/2016

Yes, it's a complete mystery. Icedove works perfectly with the exact same settings.

I tested sending a mail from Evolution, using my real me.com account set up like the fake one. Sending works! The outgoing server uses STARTTLS, not SSL.

When I try STARTTLS on the incoming server Evolution gets stuck in 'Scanning folders in 'IMAP server imap.mail.me.com'. I did let it try for one hour this morning without progress (with less than 500 mails on the server). When I try 'Check for Supported Types' in the Account settings, I get a time out error (I/O operation timed out). I guess the server don't listen to port 143.

Right now I can't think of any other explanation than the old poodle problem (SSLv3). In that case, if all of us have Evolution 3.10.4, then my version of the package that Evolution uses for SSL must be older than yours. And yet I downloaded the ISO of Belenos only perhaps two weeks ago.

Since I'm still experimenting, I'm thinking of reinstalling Trisquel from scratch and see if that solves the problem.

Many thanks for your support in this!

loldier
Offline
Joined: 02/17/2016

Receiving uses SSL on a dedicated port.