Topic: SSL Error on Iphone iOS 9 OX Capitan

[seb]

Hi Forum,

I been using iphone iOS 8 with email to our office SME. SSL enable at both sides for external access.

Today i upgrade my iOS to version 9 from Apple, and also my OSx El Capitan, and both give me error on retrieving email. When im on LAN and disable SSL from the clients email retrieve just fine... maybe something with the SSL?

Thanks for any hint!

Cheers.
Seb

[Daniel B.]

Well, it depends, which error do you get ?

[seb]

Well, it depends, which error do you get ?

From the Client side just "server not responding"... let me know hoy to get you logs on the server side...
Thx.

[Daniel B.]

This looks more like a closed port than an SSL issue. Is there some router or firewall in front of your SME Server ?

[mmccarn]

Since your system used to work w/ Yosemite & iOS 8 there might be a problem related to SSL changes. 

I can't find anything talking about this online in relation to either iOS9 or El Capitan, but -

If Apple has changed the default SSL settings (as have Chrome & Firefox over the last year) to prevent the use of old/insecure SSL features, then you may need to either update the SSL configuration on your server or figure out how to convince your Apple devices to permit you to use the old/broken features.

Here's a bug that talks about email not working after updating users to Windows 8.1, presumably related to SSL / TLS1.2:
http://bugs.contribs.org/show_bug.cgi?id=8854

[seb]

Thanks mmccarn, i think is SSL related too.

Do you know from the SME side how can i upgrade the SSL package?

thanks.

[Daniel B.]

Unless you haven't told us everything you know, I see nothing in "server not responding" which could point to an SSL related problem

[seb]

Unless you haven't told us everything you know, I see nothing in "server not responding" which could point to an SSL related problem

Daniel, as i posted initially when i disable SSL email retrieve works just fine... i really never see nothing on error notice popus on apps side instead we are looking on logs...

[Stefano]

Thanks mmccarn, i think is SSL related too.

ATM we have no evidence of it

Do you know from the SME side how can i upgrade the SSL package?

without having no clue about what's going wrong and without any kind of info about your issue, no upgrade is a solution (for any meaning of the word "upgrade")

please, take a look at logs on your mac side (mac is an unix, so similar to linux/SME and it has /var/log directory) and file a new bug, thank you

[janet]

seb

....i think is SSL related too.
Do you know from the SME side how can i upgrade the SSL package?

I think you are probably jumping to (wrong) conclusions here. There is nothing to support your idea that an upgraded ssl package will solve the problem.
For starters you have not even identified the problem. Just saying that you can turn SSL off on the LAN does not prove there is something wrong with the SSL package in SME server.

I just upgraded my iPhone 5 to iOS9, & I am remotely accessing mail on a SME8.1 server using IMAP & SMTP on ports 465 & 993 & it works correctly, both before & after the upgrade, so I do not think that either SME8.1 packages or iOS9 or both together are the problem.
You need to look harder & find what & where the problem is BEFORE you propose fixes for it.

Did you check the settings on iPhone, in Settings, Mail, select account & check.

There are questions asked which you have not answered, people here cannot help you unless you provide the feedback requested, please re-read all the posts & carefully answer every single question that has been asked, & supply all relevant information. Start looking in the qpsmtpd logs on SME server for starters.

Try a different phone & see what happens.
Try a different email client on a different remote PC eg Windows with Thunderbird using the same port & SSL settings etc & see what happens.

[Brenno]

I can confirm what Seb has reported here.

Using iPhone 6 with iOS 8 last night worked fine in conjunction with SME 7.6 server for access via IMAPS on 993/465.  Immediately after updating to iOS 9, I only get the message "Cannot get mail.  The server xxxx.xx is not responding.  Verify that you have entered the correct account info in Mail settings."  Of course, I have done that and I have also completely removed the account from the phone and re-added it to no avail.  IMAPS access is fine from alternate clients such as Thunderbird (< 31.2.0), iOS 8 and Android devices.

This makes me think that, as mmccarn proposed, Apple has quietly dropped support for older versions of SSL; we went through a similar situation last year when Mozilla changed SSL support starting in Thunderbird in version 31.3.0; we were able to work around that by locking the version at 31.2.0 for clients who access the server remotely.

This article seems to lend support to the idea, too:

https://blog.winkelmeyer.com/2015/07/update-your-ssl-on-servers-to-support-tls-1-2-before-ios-9-and-os-x-10-11/

Aside, yes - I know that 7.6 is very outdated, so let's not get into that conversation here.  The question for me, at least while still on this version of SME - and apparently on newer versions, too - is can we update these boxes to work with the new SSL requirements?

[janet]

Brenno

I can confirm what Seb has reported here.

Your report is about a totally different scenario, you are using SME7.6, seb is using SME8.1 (by assumption of course as the post was in the SME8 forum & the server is fully updated).
There were a lot of changes between SME7.6 & 8.0 (8.1) that could be involved, please read the release notes for SME8.0.

"Cannot get mail.  The server xxxx.xx is not responding.

You really need to review log files on your sme7.6 to get more specific details & error messages, there are usually strong clues provided in log files as to the nature of the problem.

....Apple has quietly dropped support for older versions of SSL.....

Well that is a possibility, needs further investigation.

Re your SME7.6:
I doubt very much that anybody here or externally will do any work on updating SME7.6 packages, that version is obsolete (by quite a few years), & it is a relatively easy exercise to upgrade to SME8.1 (at least) which can be achieved by CD or yum upgrade.
My recommendation of course would be to move to SME9.0 or even 9.1beta2 (note that 9.1 final is soon to be released)

If there is resistance to upgrading, then tell them that SME7.6 is insecure (which it is) & the server needs newer packages or whatever to work with newer external devices etc.
If you are using SME7.6 on public networks for email, which you imply you are, then you are running an insecure server, it's as simpe as that.

Your problem may simply be related to using a very old SME 7.6 server.

....Aside, yes - I know that 7.6 is very outdated, so let's not get into that conversation here.

Well it is hard not to get involved in that sort of discussion, becasuse it is necessary.

....The question for me, at least while still on this version of SME - and apparently on newer versions, too - is can we update these boxes to work with the new SSL requirements?

Well that is not strictly true about newer versions of SME server.
In my post immediately before this one, I demonstrated that iOS 9 on an iPhone 5 can access mail on a SME8.1 fully updated server, using SSL on ports 465 & 993, so it does work OK (for me), both sending & receiving.
That suggests there will be localised issues if it is not working correctly for seb.
So to me that is suggestive that there is no inherent problem (fault) with either device or the combination of the two (iOS 9 & SME8.1).

I think for you it may be time to do an upgrade to SME8.1. You could test it out in a VM first if you want proof.

I will try shortly with a SME 9 & 9.1b2 servers, but I expect all will be OK.
I will also access a iPhone 6+ later today & test that too.

Probably as has already been suggested, this original post by seb would be best reported as a bug, & then proper investigation can be done.

[seb]

Guys,
Just notice that our server is still in 7.2, and not only that's the problem... when trying to yum update we notice the templates on yum repos are modified by a company that uses to host other apps on the SME Server.

I'll post the yum issue im having in order to get advice on how to restore the 7.2 yum file and move to 8.

Thanks
Seb

[janet]

seb

I'll post the yum issue im having in order to get advice on how to restore the 7.2 yum file and move to 8.

OK then SME7.2 is probably the source of your problem.

I will suggest you avoid using yum to upgrade your server.
The repos are now archived & the names have changed & as there were many changes made in the SME7 point releases between 7.2 & 7.6, there are & will be issues for you when using yum.
Even the correct versions of yum packages & smeserver-yum are required & it can be a fiddly exercise getting the right packages installed that will facilitate a smooth upgrade as well as configuring repo locations to get these packages.
There are examples of this in the forums where users have upgraded to sme8 a long time after the repos were archived, & the instructions that need to be given depend very much on the server in question etc.
It can be quite time consuming & difficult to give advice on.

As such I STRONGLY suggest you upgrade using CD, it will be quicker & easier.
Do first the CD upgrade to SME7.6 & then do the CD upgrade to SME8.1 & that will be as smooth as possibly can be.

Advice in these forums etc a few years back, was that when upgrading to SME8.0, users should bring their server to at least v7.6 before running the upgrade. Many packages changed & the upgrade simply works better without complications if you do a 2 stage upgrade.

Make sure you remove all custom templates when/before doing the upgrade to SME8, & make sure you reset all repos using the master reinitialise repo command after the upgrade (it is important to remove all old sme7 repos), ask again if you cannot find the command, but look at FAQ under repositories.

I for one do not want to give advice on doing a yum upgrade at this late stage, it is too tricky to resolve.
Please go the CD upgrade route.

[janet]

To all

Just tested this, iOS 9 on iPhone 5 works OK with SME 9.1beta2 sending & receiving mail remotely using IMAPS & SSMTP on ports 993 & 465
In the iphone setup I selected SSL/TLS accept all certificates