|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
23 Aug 2019, 01:51 AM | #1 |
Essential Contributor
Join Date: Oct 2003
Posts: 327
|
SSL negotiation failing
I have been using an old version of AquaMail on Android and today it started failing to connect to Fastmail servers. Nothing changed on my end. Did Fastmail change anything on their end?
I have opened a ticket but going by past experience, it will take at least a week, possibly two, to go through 1st-level support. Here's an excerpt from the app debug log for reference: Code:
Connecting to [mail.messagingengine.com:465, sslStrict, login = 0, pass present = true] Using strict SSL/STARTTLS factory Resolving address for mail.messagingengine.com IPv4: mail.messagingengine.com/66.111.4.51 IPv4: mail.messagingengine.com/66.111.4.52 Trying: mail.messagingengine.com/66.111.4.51:465 Setting SSL ciphers: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_PSK_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_FALLBACK_SCSV] Setting SSL protocols: [TLSv1.2, TLSv1.1, TLSv1] ***** ERROR: Unable to connect to [mail.messagingengine.com:465, sslStrict, login = 0, pass present = true] javax.net.ssl.SSLHandshakeException: Handshake failed Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x9e6846c0: Failure in SSL library, usually a protocol error error:100c543e:SSL routines:ssl3_read_bytes:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:972 0x9ca76480:0x00000001) |
24 Aug 2019, 12:12 AM | #2 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
It is far better to use imap.fastmail.com and smtp.fastmail.com rather than the legacy mail.messagingengine.com. Also, verify that you are using an App password, not your main account password.
|
24 Aug 2019, 08:38 AM | #3 | |
Essential Contributor
Join Date: Oct 2003
Posts: 327
|
Quote:
Got a reply to my ticket. Based on the response ("yes we changed something") I assume that they require TLS 1.3 now or something similar that my old version of Aquamail does not support. Upgrading is not an option, the new owners made the free app horrific and there were some shenanigans with the paid one. I'll probably look into K-9 or FairEmail. |
|
24 Aug 2019, 08:39 AM | #4 |
Essential Contributor
Join Date: Oct 2003
Posts: 327
|
And it works again now!
Probably too many people complained. |