Pages: 1
RSS
do not update to 8.5.2 if you use Gmail. TLS
 
do not update to 8.5.2 if you use Gmail. TLS

does not work version 8.5.2, does not work with google gmail

last functional version 8.5
Edited: Krnac Martin - 30 June 2018 20:45:25
 
If I may make a couple of suggestions to you:

1. First, you made a post on something that wanted no  assistance. If you believe you have a real bug, please send to support.

2. Second, please do not announce what does not work unless you know for certain that it does not. Regarding this thread, I am using 8.5.2 with Gmail TLS 64-bit and it works fine.  



Other than that, welcome to the forum.

david
 
Hello there,

Same error with 8.5.2.


I have a google account, a ymail account , a gmx account.

Three errors with TLS 1.2.

30.06.2018, 10:25:50: IMAP - Connecting IMAP server imap.gmail.com to port 993
30.06.2018, 10:25:50: IMAP - TLS handshake started
! 30.06.2018, 10:25:50: IMAP - TLS handshake failed. Existing connections have been forced terminated by a remote host

30.06.2018, 10:25:50: IMAP - Connecting IMAP server imap.gmail.com to port 993
30.06.2018, 10:25:50: IMAP - TLS handshake started
! 30.06.2018, 10:25:50: IMAP - TLS handshake failed. Existing connections have been forced terminated by a remote host
Edited: Bertrand Yvers - 01 July 2018 12:53:24
 
Commenting on the 1st reply: 8.5.2 is broken,  it does not work with my Office365 account too for example. If an update to an email client breaks a key function even in some cases - it is broken by definition, and this thread's caption is in order. Some of us depend on our emails, updates MUST be tested thoroughly before going public. This is not a beta or a pre-release.
 
What you're saying is that because it doesn't work for *you* it doesn't work for others. I looked at the beta test logs and Office365 was successfully tested. Obviously, there is some nuance that applies to you, but not necessarily the rest of the world. And there will always be bugs to fix as there are far too many variations of a product as complex as TB! and the world of email to guarantee everything always works. There is a volunteer group to test beta releases and you might consider joining it. Active participation is always welcome there.

david
 
davide, why can not you accept that the bug is in TB? I know about 8 other people.

davide, proč nemůžete přijmout, že chyba je v TB? Znám 8 dalších lidí.
Edited: Krnac Martin - 03 July 2018 20:53:59
 
Hello,

The problem is now solved.

I have Kaspersky Internet Security 2019.

I desactivate Kaspersky SSL/TSL Root certificate and now it works like a charm.


The problem was Kaspersky Root Certificate.


Do you have Kaspersky anti-virus?


It works now with the BAT 8.5.2 TLS.
 
You can use The Bat! 8.5.4 available to download from https://www.ritlabs.com/en/products/thebat/download.php

This  version resolves TLS 1.2 compatibility issues. Connection failures were  caused by mail server servers which aborted the connection unless The  Bat! sends signature_algorithms ClientHello extension on TLS 1.2. To  resolve this incompatibility, The Bat! since version 8.5.4 always sends  the signature_algorithms extension during TLS 1.2 handshake.
 
Quote
Maxim Masiutin wrote:
You can use The Bat! 8.5.4 available to download from  https://www.ritlabs.com/en/products/thebat/download.php

This  version resolves TLS 1.2 compatibility issues. Connection failures were  caused by mail server servers which aborted the connection unless The  Bat! sends signature_algorithms ClientHello extension on TLS 1.2. To  resolve this incompatibility, The Bat! since version 8.5.4 always sends  the signature_algorithms extension during TLS 1.2 handshake.
Hello,

It works well with The Bat! 8.5.4 . I have no longer TLS problems.
I can now reactivate Kaspersky.

Thanks again.
 
Quote
Maxim Masiutin wrote:
You can use The Bat! 8.5.4 available to download from  https://www.ritlabs.com/en/products/thebat/download.php

This  version resolves TLS 1.2 compatibility issues. Connection failures were  caused by mail server servers which aborted the connection unless The  Bat! sends signature_algorithms ClientHello extension on TLS 1.2. To  resolve this incompatibility, The Bat! since version 8.5.4 always sends  the signature_algorithms extension during TLS 1.2 handshake.

Thanks for the update, however I can't still download email from Gmail even with 8.5.4, server still reports TLS error: Handshake failure. According to the log, it started happening with 8.4 on 2018-07-06 around 21:00 UTC.

I'm using pop.gmail.com, running The Bat with
Code
/TLS_VERSION_RANGE:3-3
and using Wireshark I see that it's sending
Code
           Extension: signature_algorithms
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Algorithm: ecdsa_sha1 (0x0203)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)


but server immediately responds with Handshake failure. I'm not running any antivirus besides Windows Defender. Could you please look into it? What other information can I provide for you to debug? Thank you!

UPDATE

When /TLS_VERSION_RANGE:3-3 is removed I can connect just fine. Debugged the issue a bit and the reason Gmail rejects the connection with /TLS_VERSION_RANGE:3-3 is that in that case The Bat advertises cipher suites that Gmail doesn't support, see High-Tech Bridge SSLScan results.

The Bat's advertised cipher suites (16 suites) without /TLS_VERSION_RANGE:3-3:
Code
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)

The Bat's advertised cipher Suites (5 suites) with /TLS_VERSION_RANGE:3-3:
Code
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)

Gmail supports these on TLS 1.2:
Code
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

And Gmails preferred suites for TLS 1.2 are:
Code
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
So The Bat with /TLS_VERSION_RANGE:3-3 advertises only AES-CBC SHA256 ciphersuites, while Gmail uses AES-GCM and ChaCha20-Poly1305 ciphersuites with SHA256.

Pretty please, can we get Gmail's preferred cipher suites in The Bat too and enabled when only TLS 1.2 is requested? Thanks!
Edited: foo bar - 07 July 2018 20:11:47 (Debugged the problem, adding ciphersuite lists)
 
There are plans for future versions of The Bat! to support AES CGM cipher suites.
 
The Bat! since version 9.1 supports AES GCM
 
I can't get gmail to work with 9.1.6. Works great with Postbox.
Pages: 1