• mail/claws-mail: IPv6 issues: SSL handshake error

    From A FreeBSD User@freebsd@walstatt-de.de to muc.lists.freebsd.ports on Thu Aug 28 17:16:09 2025
    From Newsgroup: muc.lists.freebsd.ports

    Hello,

    I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
    After switching to a working IPv6 environment I face serious connection problems with one of
    my providers, to which claws-mail preferably connects via IPv6. Sending and receiving is done
    via "Use TLS" on sending and receiving (the provider, goneo.de has a dedicated introduction
    configuring claws-mail I followed step by step).

    On the firewall I observe that the provider in question is connected via IPv6, while other
    providers, University and others, are not, they are still with IPv4 and do not show any issues.

    claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
    server is connected at the correct port and the initial handshake seems all right, but in 8
    out of 10 times the connection fails and does not get initialized due to a "TLS handshake
    error". Sending emails takes sometimes 10 attempts, but then all of a sudden it works flawlessly!
    After running claws-mail for a couple of minutes a day, this problem seems to go away in a
    mysterious way, receiving/sending works like a charm as nothing has ever been broken before
    ...

    I'm floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
    suspected this instance, but why should mail be blocked/corrupted while other connections
    via IPv6 work?

    Maybe someone has some ideas what to check and where to look ...

    Thanks in advance,
    oh

    --

    A FreeBSD user


    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Ronald Klop@ronald@FreeBSD.org to muc.lists.freebsd.ports on Thu Aug 28 18:49:41 2025
    From Newsgroup: muc.lists.freebsd.ports

    On 28-08-2025 at 17:16, A FreeBSD User wrote:
    > Hello,
    >
    > I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
    > After switching to a working IPv6 environment I face serious connection problems with one of
    > my providers, to which claws-mail preferably connects via IPv6. Sending and receiving is done
    > via "Use TLS" on sending and receiving (the provider, goneo.de has a dedicated introduction
    > configuring claws-mail I followed step by step).
    >
    > On the firewall I observe that the provider in question is connected via IPv6, while other
    > providers, University and others, are not, they are still with IPv4 and do not show any issues.
    >
    > claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
    > server is connected at the correct port and the initial handshake seems all right, but in 8
    > out of 10 times the connection fails and does not get initialized due to a "TLS handshake
    > error". Sending emails takes sometimes 10 attempts, but then all of a sudden it works flawlessly!
    > After running claws-mail for a couple of minutes a day, this problem seems to go away in a
    > mysterious way, receiving/sending works like a charm as nothing has ever been broken before
    > ...
    >
    > I'm floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
    > suspected this instance, but why should mail be blocked/corrupted while other connections
    > via IPv6 work?
    >
    > Maybe someone has some ideas what to check and where to look ...
    >
    > Thanks in advance,
    > oh




    Hi,

    Does it work with this provider if you force claws-mail to use ipv4?

    Can you reproduce the issue easily? Is it possible to reproduce it with openssl?
    Something like this. There are also options to choose specific TLS versions.

        openssl s_client -starttls imap -connect <imap-server>:143 -6
        openssl s_client -starttls smtp -connect <smtp-server>:25 -6

    Can you tcpdump the traffic to a file and see in wireshark what is going on?

    Regards,
    Ronald.
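
Added example, not part of Ronald's message or of the thread: a shell wrapper around the two `openssl s_client` commands above that repeats the STARTTLS handshake over IPv4 and IPv6 and counts completed, failed and stalled attempts per address family, which puts numbers on the intermittent failure the thread describes. The function names, the 15-second limit, and the use of `timeout` and `-brief` are assumptions of this example; `<imap-server>` is the thread's own placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Host, port and count are supplied by
# the reader. Usage: run_probe imap <imap-server> 143 10

TMO=${TMO:-15}   # seconds before an attempt counts as stalled (assumed value)

# classify STATUS OUTPUT -> ok | stall | fail
# openssl s_client -brief prints "CONNECTION ESTABLISHED" once the TLS
# handshake has completed; timeout(1) exits 124 when it had to kill the command.
classify() {
    if printf '%s\n' "$2" | grep -q 'CONNECTION ESTABLISHED'; then
        echo ok
    elif [ "$1" -eq 124 ]; then
        echo stall
    else
        echo fail
    fi
}

# handshake_once FAMILY PROTO HOST PORT   (FAMILY is 4 or 6)
handshake_once() {
    st=0
    out=$(timeout "$TMO" openssl s_client -brief "-$1" -starttls "$2" \
              -connect "$3:$4" </dev/null 2>&1) || st=$?
    classify "$st" "$out"
}

# tally: reads "family result" lines, prints one summary line per family
tally() {
    awk '{ fam[$1] = 1; n[$1 " " $2]++ }
         END { for (f in fam) printf "%s ok=%d fail=%d stall=%d\n", f, n[f " ok"], n[f " fail"], n[f " stall"] }' | sort
}

# run_probe PROTO HOST PORT COUNT: COUNT attempts per address family
run_probe() {
    for fam in 4 6; do
        i=0
        while [ "$i" -lt "$4" ]; do
            echo "ipv$fam $(handshake_once "$fam" "$1" "$2" "$3")"
            i=$((i + 1))
        done
    done | tally
}
```

A `stall` count separates attempts that hung until the time limit from attempts that ended with an error, which is worth knowing before opening the tcpdump capture in wireshark.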



  • From A FreeBSD User@freebsd@walstatt-de.de to muc.lists.freebsd.ports on Fri Aug 29 20:57:42 2025
    From Newsgroup: muc.lists.freebsd.ports

    On the day of the Lord, Thu, 28 Aug 2025 18:49:41 +0200
    Ronald Klop <ronald@FreeBSD.org> wrote:

    > On 28-08-2025 at 17:16, A FreeBSD User wrote:
    > > Hello,
    > >
    > > I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
    > > After switching to a working IPv6 environment I face serious connection problems with one
    > > of my providers, to which claws-mail preferably connects via IPv6. Sending and receiving
    > > is done via "Use TLS" on sending and receiving (the provider, goneo.de has a dedicated
    > > introduction configuring claws-mail I followed step by step).
    > >
    > > On the firewall I observe that the provider in question is connected via IPv6, while other
    > > providers, University and others, are not, they are still with IPv4 and do not show any
    > > issues.
    > >
    > > claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
    > > server is connected at the correct port and the initial handshake seems all right, but in 8
    > > out of 10 times the connection fails and does not get initialized due to a "TLS handshake
    > > error". Sending emails takes sometimes 10 attempts, but then all of a sudden it works
    > > flawlessly! After running claws-mail for a couple of minutes a day, this problem seems to
    > > go away in a mysterious way, receiving/sending works like a charm as nothing has ever been
    > > broken before ...
    > >
    > > I'm floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
    > > suspected this instance, but why should mail be blocked/corrupted while other
    > > connections via IPv6 work?
    > >
    > > Maybe someone has some ideas what to check and where to look ...
    > >
    > > Thanks in advance,
    > > oh
    >
    > Hi,
    >
    > Does it work with this provider if you force claws-mail to use ipv4?
    >
    > Can you reproduce the issue easily? Is it possible to reproduce it with openssl?

    The problem itself as described can be reproduced with claws-mail utilizing IPv6 - for me at
    least - on CURRENT. But there is a certain speciality: my home office box uses IPv6 via prefix
    delegation in a subnet, at work we use OPNsense with NPTv6 - which doesn't introduce any
    problems, although claws-mail prefers IPv6 (other provider there than those of mine at home).
    Just a "descriptive" statement.

    Did not try openssl so far, but thank you for the hint!

    > Something like this. There are also options to choose specific TLS versions.

    I do not see such in claws-mail config, options are NO TLS, TLS, STARTTLS which refers to the
    proper port when autoconfigured. Manual override can be applied.

    > openssl s_client -starttls imap -connect <imap-server>:143 -6
    > openssl s_client -starttls smtp -connect <smtp-server>:25 -6
    >
    > Can you tcpdump the traffic to a file and see in wireshark what is going on?

    Haven't done the wireshark analysis so far, but did a lot of tcpdumps both sides of the end of
    the communication between host and router, but it seemed all clear to me and faults at the
    provider's side ... But, I have to admit that in terms of networking, I'm a kind of an enduser
    ...

    When forcing claws mail to use IPv4 only, everything is all right. There is also no problem
    when using NPTv6 on my FreeBSD routing/ipfw instance.

    In the faulty case, the puzzling thing is that after a couple of time running claws-mail, say,
    20 - 30 minutes doing some mail fetches and sending (even with the nasty replying on faults)
    everything runs smooth - until next restart of the application. And this looks to me like some
    serious misconfiguration or serious issue on the provider's side.

    > Regards,
    > Ronald.



    --

    A FreeBSD user
