* * *

Author Topic: Synapse cannot connect using SSL (IMAP and SMTP) with newer Linux versions.  (Read 814 times)

bernie61

  • New member
  • *
  • Posts: 12
I developed a program to send and receive email on Lubuntu 15.10 (Virtual Machine) with Lazarus 1.4.4 and Synapse.
There it runs perfectly.
When I run it on newer Linux versions, luke Lubuntu 16.04, Xubuntu 16.04 or Debian Jessie, it runs but cannot send nor receive email. The login fails.

I installed Lazarus on Debian Jessie and Lubuntu 16.04, and compiled there my program, thinking that in that way it may be linked with the right libraries. It compiles fine in both systems, but still it fails to connect by SMTP or IMAP when it runs.

May be Synapse, which is quite old, links with outdated SSL libraries? It is a guess.
If somebody has some tip to make this work, please share it with me.

Regards,
Bernie

Phil

  • Hero Member
  • *****
  • Posts: 2261
May be Synapse, which is quite old, links with outdated SSL libraries? It is a guess.
If somebody has some tip to make this work, please share it with me.

Be sure to use Synapse from trunk.


Thaddy

  • Hero Member
  • *****
  • Posts: 4273
And more important use one of the latest versions of openssl.
The reason it doesn't work is because openssl dropped some protocols. I mean dropped, no longer present because of security reasons.
With Synapse trunk, start always with TLS1.2 and not with anything else. (no sslv3, sslv2, tls1.0)
Synapse needs some  work on its ssl, but if you start with TLS 1.2 it works.
Some websites accept a fallback to sslv2 but not anything else.
Note modern webservers, email servers browsers and email clients also do not accept sslv3/tls1.0 so don't use these protocols.

Note that outdated ssl is rather unlikely: most distro's have still security updates for versions even older then LTS, so the openssl libs are almost always current if you apt update.
« Last Edit: May 15, 2017, 07:21:59 am by Thaddy »
"Logically, no number of positive outcomes at the level of experimental testing can confirm a scientific theory, but a single counterexample is logically decisive."

bernie61

  • New member
  • *
  • Posts: 12
Hi, thank you your recommendations.

I downloaded the last synapse from trunk and added two lines (the indented ones), before the login line:

    imap := TImapSend.Create;
    imap.Username := UN;
    imap.Password := PA;
    imap.FullSSL:=true;
    imap.AutoTLS:=true;   
    imap.TargetPort:=IPORT;
    imap.TargetHost := HO;
       imap.Sock.SSL.SSLType:=LT_TLSv1_2;
       imap.Sock.SSLDoConnect(); 

The problem is still there. Any insights? What I'm doing wrong.

Thanks in advance,
Bernie61

Thaddy

  • Hero Member
  • *****
  • Posts: 4273
What happens with autotls = false ?
"Logically, no number of positive outcomes at the level of experimental testing can confirm a scientific theory, but a single counterexample is logically decisive."

bernie61

  • New member
  • *
  • Posts: 12
What happens with autotls = false ?

It also fails to connect.

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus