By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.

Bug 2329

Summary: Fedora 21: Cannot use TLS with kmail
Product: TDE Reporter: Darrell <darrella>
Component: tdepimAssignee: Timothy Pearson <kb9vqf>
Status: NEW ---    
Severity: major CC: bugwatch, darrella, gdr+tde, ppisa4lists
Priority: P5    
Version: R14.0.x [Trinity]   
Hardware: Other   
OS: Linux   
Compiler Version: TDE Version String: R14.0.0
Application Version: 1.9.10 (enterprise35 0.20100827.1168748) Trinity R14.0.0 Application Name: kmail

Description Darrell 2015-01-27 16:50:28 CST 
I am trying to use kmail in Fedora 21 (F21). I use TLS with my logins. When I try to connect in F21 I receive the following error dialog:

Could not connect to host Your POP3 server claims to
support TLS but negotiation was unsuccessful. You can
disable TLS in KDE using the crypto settings module.

As far as I can tell, I have all Trinity tqca related packages installed in F21.

I can connect to the mail servers when I disable TLS and use clear text logins.

I do not have any such problems in Slackware 14.1. Thus the problem seems specific to F21.

While the error dialog is found in tdebase/tdeioslave/pop3/pop3.cc, I do not know how to trace the actual trigger.
Comment 1 Darrell 2015-01-27 18:43:43 CST 
Note: The dialog message 'KDE' text was updated to 'TDE' in commits ad2dc879 and ed4336e (bug 2328).

Regarding debugging: I am guessing gdb or valgrind is used but I need instructions. :)
Comment 2 Gulraj Rijhwani 2015-03-20 13:36:27 CDT 
I concur.  After upgrading to F21, I suddenly find I cannot use TLS (or any protected password methods) for accessing my e-mail at work.  This is an issue, because we are *supposed* to be a secure environment.

I suspect the problem is as simple as SASL support not having been compiled into the binary distribution.  String searching the binary reveals no reference to SASL libs.
Comment 3 Darrell 2015-03-20 15:58:56 CDT 
Thank you for confirming.

The spec file for Fedora shows -DWITH_SASL=ON.

http://git.trinitydesktop.org/cgit/tde-packaging/tree/redhat/main/tdepim/tdepim-14.0.0.spec

Possibly SASL support was not installed in the build environment. Hopefully Francois will look into this.
Comment 4 Pavel Pisa 2019-07-19 11:23:43 CDT 
See similar problem caused by Debian upgrade to Buster

bug 3024, comment 11

Try to release required TLS protocol version when using with old servers

diff --git a/ssl/openssl.cnf b/ssl/openssl.cnf
index a6fed92..b51fc17 100644
--- a/ssl/openssl.cnf
+++ b/ssl/openssl.cnf
@@ -358,5 +358,5 @@ ssl_conf = ssl_sect
 system_default = system_default_sect

 [system_default_sect]
-MinProtocol = TLSv1.2
-CipherString = DEFAULT@SECLEVEL=2
+MinProtocol = None
+CipherString = DEFAULT