4251 – SNI support added in v3.17.3 is missing from Windows build of v3.17.4

Bug 4251 - SNI support added in v3.17.3 is missing from Windows build of v3.17.4

Summary: SNI support added in v3.17.3 is missing from Windows build of v3.17.4

Status:	NEW

Alias:	None

Product:	Claws Mail (Windows)
Classification:	Unclassified
Component:	default (show other bugs)
Version:	3.17.4
Hardware:	PC Windows 10

Importance:	P3 critical
Assignee:	users

URL:

Depends on:
Blocks:

Reported:	2019-09-14 20:16 UTC by ramyar.s
Modified:	2020-12-06 15:42 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description ramyar.s 2019-09-14 20:16:52 UTC

Hi,
My experience with Windows build of Claws Mail and searching the web suggests that TLS SNI support is disabled in the Windows version of v3.17.4. Here is my experience:

v3.17.3 works with imap.gmail.com. v3.17.4 says that the certificate has changed to one signed by invalid2.invalid.

My search results:

ebol4anthr4x, reddit: Google has configured their servers to respond with an invalid certificate if your IMAP client doesn't support SNI.

Viktor Dukhovni, openssl.org: Specifically, the Google SMTP servers serving millions of domains (including gmail.com), now only do TLS 1.3 when SNI is presented, and when SNI is missing, not only negotiate TLS 1.2, but use an unexpected self-signed cert chain ...

Bug 4103 (resolved fixed) maybe useful.

Help please.

Regards
Ramyar

Note You need to log in before you can comment on or make changes to this bug.