close
Comments you submit will be routed for moderation. If you have an account, please log in first.
Modify

Opened 7 weeks ago

Closed 7 weeks ago

#568 closed bug (duplicate)

Couldn't initialize TLSv1/SSLv3 session with host

Reported by: antibike Owned by:
Priority: undecided Milestone:
Component: TCP/IP interface Version: nightly build
Severity: major Keywords:
Cc: OS Platform: MorphOS
Blocked By: Blocking:
Release Notes:

Description

Beim Versuch Emails per SMTP ueber 'smtp.web.de' oder 'mail.gmx.net' zu versenden bekomme ich folgende Fehlermeldung als Doppelpack (hier das Beispiel fuer Web.de):

Couldn't initialize TLSv1/SSLv3 session with host
'smtp.web.de'. (07.06.14 10:46:13)
---
Couldn't connect to host 'smtp.web.de'.
The mail server is currently down or doesn't support
the SMTP protocols. (07.06.14 10:46:13)

Das ganze scheint etwas Tageszeit abhaengig zu sein. Hin und wieder kann ich Emails versenden, auch wenn der Verbingungsaufbau zum SMTP sehr langsam ist. Meistens aber kann ich keine Emails versenden.

Attachments (5)

debugfile (7.3 KB) - added by antibike 7 weeks ago.
debugfile
2014-06-12_1_debuglog.txt (4.4 KB) - added by antibike 7 weeks ago.
2014-06-12_2_debuglog.txt (4.5 KB) - added by antibike 7 weeks ago.
2014-06-12_3_debug_nocerts.txt (5.4 KB) - added by antibike 7 weeks ago.
2014-06-12_4_debug_mail_sent.txt (9.3 KB) - added by antibike 7 weeks ago.

Download all attachments as: .zip

Change History (23)

comment:1 Changed 7 weeks ago by damato

  • Status changed from new to pending

Bitte mal die debug version des neuesten YAM nightly verwenden und ein NET debug log erzeugen und dann den Bereich um SSL_connect() und die eigentliche Fehlermeldung bitte hier posten, dann können wir schauen was genau schiefgeht.

P.S: Im übrigen wäre es schön die tickets bitte immer in englisch zu verfassen damit andere hiervon auch profitieren.

Changed 7 weeks ago by antibike

debugfile

comment:2 Changed 7 weeks ago by antibike

  • Status changed from pending to new

Attachment (debugfile) added by ticket reporter.

comment:3 Changed 7 weeks ago by damato

Thanks for the debug output. In fact, this seems to be exactly the same problem like #530, however until now only classic AmigaOS3 systems were affected by this. So please state which machine you use and which MorphOS version you actually use for doing these tests. In addition, please state if there is a rather long delay in trying to connect to the server and actually returning the error message or does it immediately return the error? Furthermore, please show the "SocketOptions =" line in your yam config file (section [Advanced]).

comment:4 follow-up: Changed 7 weeks ago by antibike

machine = Pegasos2 G4
os = MorphOS 3.5.1
delay between click on send button up to error message ~12 seconds
config file say "SocketOptions =" ... no option is set

comment:5 in reply to: ↑ 4 Changed 7 weeks ago by damato

Replying to antibike:

machine = Pegasos2 G4
os = MorphOS 3.5.1
delay between click on send button up to error message ~12 seconds
config file say "SocketOptions =" ... no option is set

Ok, thanks. And can you correlate the delay of ~12 seconds with the debug output and have a look where exactly it gets stuck until it continues and outputs the error message?

Furthermore please retry your test with the following SocketOptions setting:

SocketOptions = SO_RCVTIMEO=30 SO_SNDTIMEO=30 SO_KEEPALIVE=1

comment:6 follow-up: Changed 7 weeks ago by antibike

if you look at the allready attached debuglog it gets stuck on line 116 and continues with line 117
at the moment i can send emails, so testing new SocketOptions makes no sense

comment:7 Changed 7 weeks ago by antibike

ok i tried with the SocketOptions "SO_RCVTIMEO=30 SO_SNDTIMEO=30 SO_KEEPALIVE=1" but it stock on the same line and failed.

comment:8 Changed 7 weeks ago by damato

In 8073:

  • added some more debug output to better analyze SSL related connection problems. This refs #530 and #568.

comment:9 in reply to: ↑ 6 Changed 7 weeks ago by damato

Replying to antibike:

if you look at the allready attached debuglog it gets stuck on line 116 and continues with line 117
at the moment i can send emails, so testing new SocketOptions makes no sense

Thanks for your tests. It is, however, quite strange that the delay should happen between line 116 and 117. That's why I have added some more debug output. So please retry your tests with the next nightly build and please upload a new debug log again hopefully giving more hints where exactly the hang occurs.

Changed 7 weeks ago by antibike

comment:10 follow-up: Changed 7 weeks ago by antibike

here is the new debug log and it stuck at line 56 for around 10 seconds and continues at line 57
the bad thing is, there is no additional debug
is the debug flag correctly set?
setenv yamdebug net,!startup,stdout

comment:11 Changed 7 weeks ago by damato

In 8074:

  • revised some parts of the SSL certificate verification code to be a bit more robust. In addition, more debug output had been added to identify potential problems more easily. This refs #530 and #568.

comment:12 in reply to: ↑ 10 Changed 7 weeks ago by damato

Replying to antibike:

here is the new debug log and it stuck at line 56 for around 10 seconds and continues at line 57
the bad thing is, there is no additional debug
is the debug flag correctly set?
setenv yamdebug net,!startup,stdout

Yes, the debug flags are correct and there were actually some new debug output which I could identify and use. however, we are still not there so I revised some code passages in ssl.c and added even more debug output. In addition I rebuilt the latest nightly build from today (12th June) and put it on the nightly build server. So please download the nightly from today again and run your tests again. This time there should be definitely more debug output potentially identifying the reason why it hangs for 10 seconds.

Changed 7 weeks ago by antibike

comment:13 Changed 7 weeks ago by antibike

so here is the new debuglog with delay times

comment:14 Changed 7 weeks ago by damato

thanks for the new debug output. now I can see where it hangs for 11 seconds. Can you please, however:

  1. upload a debug log where the connection actually worked
  2. please retry the test but after having emptied the PROGDIR:Resources/certificates/ca-bundle.crt file so that it is completely empty.

comment:15 Changed 7 weeks ago by tboeckel

In 8078:

  • Debug.c: each debug message will now include the current time to be able to spot long delays more easily. This refs #530 and #568.

Changed 7 weeks ago by antibike

Changed 7 weeks ago by antibike

comment:16 Changed 7 weeks ago by antibike

i had some luck an can provide a debuglog with a working connetion
see also the debuglog with empty crt file

comment:17 Changed 7 weeks ago by damato

Please note the following comment in ticket #530 pointing out that the mail server of GMX and web.de have to be blamed for the problem you are seeing:

https://yam.ch/ticket/530#comment:68

Please also note the comment from Thore and the suggestion to exclude AES-based ciphers to work around the problem and which should give you additional 1-2 seconds less delay until SSL negotiations are finished and thus less probability that you will reach the timeout limit of GMX and web.de

comment:18 Changed 7 weeks ago by damato

  • Resolution set to duplicate
  • Status changed from new to closed

Due to the latest analysis this ticket seems to be exactly the same problem like #530. Thus, flagging it as a duplicate. Please continue any discussion in that ticket instead.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.

This list contains all users that will be notified about changes made to this ticket.

These roles will be notified: Reporter, Owner, Subscriber

  • Jürgen Lucas(Reporter, Participant)