Hi,
I can no longer connect to Dovecot (IMAP). The connection is terminated
by Dovecot after Client Helo.
My server:
Dovecot 2.3.3
Debian buster/sid
Architecture: ppc
My problems started in late August after upgrading Dovecot.
SSL settings:
ssl_dh = </etc/ssl/dh2048.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_prefer_server_ciphers = yes
Client:
OS Android 6.0.1
Aquamail
Log from Dovecot:
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x10,
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL alert:
where=0x4008, ret=598: fatal unknown
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: error
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL error:
SSL_accept() failed: error:14209175:SSL
routines:tls_early_post_process_client_hello:inappropriate fallback
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL error:
SSL_accept() syscall failed: Invalid argument
Sep 15 23:19:02 debian2 dovecot: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX,
lip=XXX.XXX.XXX.XXX,TLS handshaking: SSL_accept() syscall failed:
Invalid argument, session=<XXXXXXXXXXX>
Log from client (Aquamail) is a bit longer (see attachment).
I have also listened to the communication using Wireshark. The last
piece of communication is Client Helo. After the client sends Client
Helo, there is no reply from Dovecot and the server closes the
communication.
This is the Client Helo, in the "structured view" iin Wireshark:
|Secure Sockets Layer ? ? TLSv1 Record Layer: Handshake Protocol: Client
Hello ? ? ? ? Content Type: Handshake (22) ? ? ? ? Version: TLS 1.0
(0x0301) ? ? ? ? Length: 176 ? ? ? ? Handshake Protocol: Client Hello ?
? ? ? ? ? Handshake Type: Client Hello (1) ? ? ? ? ? ? Length: 172 ? ?
? ? ? ? Version: TLS 1.2 (0x0303) ? ? ? ? ? ? Random:
2b7af5ba92040f081a5a3621e9d9cbab2d50b829b7fe755f... ? ? ? ? ? ? Session
ID Length: 0 ? ? ? ? ? ? Cipher Suites Length: 62 ? ? ? ? ? ? Cipher
Suites (31 suites) ? ? ? ? ? ? ? ? Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ? ? ? ? ?
? ? ? Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ?
? ? ? ? ? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
(0x009f) ? ? ? ? ? ? ? ? Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ? ? ? ? ? ? ?
? Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ? ? ?
? ? ? ? ? Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ?
? ? ? ? ? ? ? Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) ?
? ? ? ? ? ? ? Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) ? ? ?
? ? ? ? ? Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
? ? ? ? ? ? ? ? Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013) ? ? ? ? ? ? ? ? Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) ? ? ? ? ? ? ?
? Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) ? ? ? ? ? ? ?
? Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) ? ? ? ? ?
? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) ? ? ? ? ?
? ? ? Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ? ? ? ? ? ?
? ? Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) ? ? ? ? ? ?
? ? Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) ? ? ? ? ? ? ? ?
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) ? ? ? ? ? ? ? ? Cipher
Suite: TLS_FALLBACK_SCSV (0x5600) ? ? ? ? ? ? Compression Methods
Length: 1 ? ? ? ? ? ? Compression Methods (1 method) ? ? ? ? ? ?
Extensions Length: 69 ? ? ? ? ? ? Extension: server_name (len=17) ? ? ?
? ? ? Extension: extended_master_secret (len=0) ? ? ? ? ? ? Extension:
signature_algorithms (len=22) ? ? ? ? ? ? ? ? Type: signature_algorithms
(13) ? ? ? ? ? ? ? ? Length: 22 ? ? ? ? ? ? ? ? Signature Hash
Algorithms Length: 20 ? ? ? ? ? ? ? ? Signature Hash Algorithms (10
algorithms) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: rsa_pkcs1_sha512
(0x0601) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: ecdsa_secp521r1_sha512
(0x0603) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: rsa_pkcs1_sha384
(0x0501) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: ecdsa_secp384r1_sha384
(0x0503) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: rsa_pkcs1_sha256
(0x0401) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: ecdsa_secp256r1_sha256
(0x0403) ? ? ? ? ? ? ? ? ? ? Signature Algorithm: SHA224 RSA (0x0301) ?
? ? ? ? ? ? ? ? ? Signature Algorithm: SHA224 ECDSA (0x0303) ? ? ? ? ?
? ? ? ? ? Signature Algorithm: rsa_pkcs1_sha1 (0x0201) ? ? ? ? ? ? ? ?
? ? Signature Algorithm: ecdsa_sha1 (0x0203) |
|What I tried: |
* |change all possible settings in Dovecot (ssl_min_protocol,
ssl_cipher_list ...)|
* |change certificate I use|
|I also got in touch with the developer of Aquamail (see our discussion
here: https://www.aqua-mail.com/forum/index.php?topic=6824.0 ).|
|The developer was able to reproduce the handshake error. We believe
that the problem is that Dovecot rejects ClientHello as long as it is
wrapped in the TLSv1 Record Layer (see the second lilne in the Wireshark
log). According to the developer, Dovecot should accept Client Helo
wrapped in the TLSv1 Record Layer.|
|Thank you very much for your help. Best regards VB |
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20181007/1c7b8c37/attachment.html>
-------------- next part --------------
2018.09.15 23:27:57.268 +0200 [EXEC.2652] Executing task
[org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u =
content://org.kman.AquaMail.data/accounts/2, t = 86965199, a =
[org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX,
email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]] on Executor_Network#0
2018.09.15 23:27:57.269 +0200 [EXEC.2652] Executing task
[org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u =
content://org.kman.AquaMail.data/accounts/2, t = 86965199, a =
[org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX,
email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]]
2018.09.15 23:27:57.270 +0200 [MDATR.2652] Using WiFi sync policy values
2018.09.15 23:27:57.270 +0200 [SYNC.2652] SyncPolicy: mSyncByCount = 100,
mCommandBatchSize = 25
2018.09.15 23:27:57.271 +0200 [LOCKS.2652] acquire for 2,
[org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u =
content://org.kman.AquaMail.data/accounts/2, t = 86965199, a =
[org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX,
email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]] on thread =
Thread[Executor_Network#0,5,main], tid = 2652, thash = 02c90ff4
2018.09.15 23:27:57.272 +0200 [LOCKS.2652] AccountSyncLock after pass:
Active: 1
Index = 0, lock = org.kman.AquaMail.core.AccountSyncLock$b at 2c38e98, accountId
= 2, thread = Thread[Executor_Network#0,5,main], tid = 2652, thash = 02c90ff4,
since = 2018-09-15 23:27:57:272
Queue: 0
2018.09.15 23:27:57.272 +0200 [NETWRK.2652] Request for connection
content://org.kman.AquaMail.data/accounts/2/in to [XXXXXX.XXX:143, tlsStrict,
login = 0, pass = true, cert = false]
2018.09.15 23:27:57.273 +0200 [POWER.2652] >>>>> Acquiring wake
lock for MailConnectionManager
2018.09.15 23:27:57.273 +0200 [POWER.2652] Acquired wake lock flag 0x01000000,
result 0x05000000
2018.09.15 23:27:57.273 +0200 LockManager ... Wake lock already held
2018.09.15 23:27:57.274 +0200 [NETWRK.2652] Semaphore acquire for
[XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.274 +0200 [NETWRK.2652] Connecting to [XXXXXX.XXX:143,
tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.274 +0200 [NETWRK.2652] Resolving address for XXXXXX.XXX
2018.09.15 23:27:57.280 +0200 [CONCTR.1] Service state change: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux =
0x1234abcd
2018.09.15 23:27:57.281 +0200 AccountListShard Send state: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux =
0x1234abcd
2018.09.15 23:27:57.281 +0200 [CONCTR.1] Service state change: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux =
0x1234abcd
2018.09.15 23:27:57.282 +0200 [CONCTR.1] Service state change: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux =
0x001a
2018.09.15 23:27:57.282 +0200 AccountListShard Send state: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux =
0x001a
2018.09.15 23:27:57.283 +0200 [CONCTR.1] Service state change: uri:
content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux =
0x001a
2018.09.15 23:27:57.283 +0200 AsyncDataLoaderImpl Submit
org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item
org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.283 +0200 AsyncDataLoaderWorker_CONTACTS Submit
org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item
org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.285 +0200 AsyncDataLoaderWorker_CONTACTS Loading
org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.288 +0200 AsyncDataLoaderWorker_CONTACTS Loading
org.kman.AquaMail.view.d$c at 44636f1 took 3 ms
2018.09.15 23:27:57.298 +0200 AsyncDataLoaderImpl Delivering
org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item
org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.354 +0200 [NETWRK.2652] IPv4: XXXXXX.XXX/XXX.XXX.XXX.XXX
2018.09.15 23:27:57.355 +0200 [NETWRK.2652] Trying:
XXXXXX.XXX/XXX.XXX.XXX.XXX:143
2018.09.15 23:27:57.373 +0200 [NETWRK.2652] Socket connection completed
2018.09.15 23:27:57.374 +0200 [NETWRK.2652] Connection to [XXXXXX.XXX:143,
tlsStrict, login = 0, pass = true, cert = false] completed:
XXXXXX.XXX/XXX.XXX.XXX.XXX:143, time = 0.10 sec
2018.09.15 23:27:57.374 +0200 [NETWRK.2652] Buffer sizes: 524288 send, 1132800
receive
2018.09.15 23:27:57.449 +0200 [IMAP_RAW.2652] Data is <124>:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+
STARTTLS LOGINDISABLED] Dovecot (Debian) ready.
2018.09.15 23:27:57.449 +0200 [IMAP.2652] Server greeting: * OK [CAPABILITY
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS
LOGINDISABLED] Dovecot (Debian) ready.
2018.09.15 23:27:57.450 +0200 [IMAP.2652] Server is Dovecot
2018.09.15 23:27:57.450 +0200 [NETWRK.2652] Semaphore release for
[XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.451 +0200 [IMAP.2652] Sending: kman1 CAPABILITY
2018.09.15 23:27:57.455 +0200 [IMAP_RAW.2652] Data is <171>:
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS
LOGINDISABLED
kman1 OK Pre-login capabilities listed, post-login capabilities have more.
2018.09.15 23:27:57.455 +0200 [IMAP_RAW.2652] Line: * CAPABILITY IMAP4rev1
SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED
2018.09.15 23:27:57.456 +0200 [IMAP.2652] Pre-login capabilities: CAPABILITY
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED
2018.09.15 23:27:57.456 +0200 [IMAP_RAW.2652] Line: kman1 OK Pre-login
capabilities listed, post-login capabilities have more.
2018.09.15 23:27:57.456 +0200 [IMAP.2652] Result for kman1: 0 Pre-login
capabilities listed, post-login capabilities have more., traffic: 171 read, 18
write
2018.09.15 23:27:57.456 +0200 [IMAP.2652] Sending: kman2 STARTTLS
2018.09.15 23:27:57.459 +0200 [IMAP_RAW.2652] Data is <37>:
kman2 OK Begin TLS negotiation now.
2018.09.15 23:27:57.460 +0200 [IMAP_RAW.2652] Line: kman2 OK Begin TLS
negotiation now.
2018.09.15 23:27:57.460 +0200 [IMAP.2652] Result for kman2: 0 Begin TLS
negotiation now., traffic: 37 read, 16 write
2018.09.15 23:27:57.475 +0200 [NETWRK.2652] Request for startTls
content://org.kman.AquaMail.data/accounts/2/in to [XXXXXX.XXX:143, tlsStrict,
login = 0, pass = true, cert = false]
2018.09.15 23:27:57.475 +0200 [NETWRK.2652] Semaphore acquire for
[XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.475 +0200 [NETWRK.2652] Reconnecting to [XXXXXX.XXX:143,
tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.476 +0200 [NETWRK.2652] Using strict SSL/STARTTLS factory
2018.09.15 23:27:57.476 +0200 SSLHardening Setting SSL ciphers:
[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_PSK_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
TLS_PSK_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
TLS_FALLBACK_SCSV]
2018.09.15 23:27:57.476 +0200 SSLHardening Setting SSL protocols: [TLSv1.2,
TLSv1.1, TLSv1]
2018.09.15 23:27:57.490 +0200 [NETWRK.2652] Closing socket SSL socket over
Socket[unconnected]
2018.09.15 23:27:57.490 +0200 [NETWRK.2652] Semaphore release for
[XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.494 +0200 [NETWRK.2652] ***** ERROR: Unable to reconnect to
[XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
javax.net.ssl.SSLHandshakeException: Connection closed by peer
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at
com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
at
com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at
com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at org.kman.AquaMail.net.h.a(SourceFile:301)
at org.kman.AquaMail.net.e.a(SourceFile:364)
at org.kman.AquaMail.mail.imap.ImapTask.a(SourceFile:57)
at org.kman.AquaMail.mail.imap.ImapTask_ConnectLogin.ac(SourceFile:106)
at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:123)
at org.kman.AquaMail.core.k.a(SourceFile:77)
at org.kman.AquaMail.core.l$b.run(SourceFile:621)
at java.lang.Thread.run(Thread.java:818)
Last data:
kman2 STARTTLS
Result for kman2: 0 Begin TLS negotiation now.
Thread: Thread[Executor_Network#0,5,main], id: 2652
2018.09.15 23:27:57.495 +0200 [POWER.2652] >>>>> Releasing wake
lock for MailConnectionManager
2018.09.15 23:27:57.500 +0200 [POWER.2652] Released wake lock flag 0x01000000,
result 0x04000000
2018.09.15 23:27:57.501 +0200 MailStateWatcher Service state change uri:
content://org.kman.AquaMail.data/accounts/2, what: 121, aux = 0xffffffff
2018.09.15 23:27:57.527 +0200 KeepAliveService Facade: stop
2018.09.15 23:27:57.527 +0200 MailStateWatcher Removed default notificaiton
2018.09.15 23:27:57.528 +0200 MailStateWatcher Showing account error
notification, acct XXXX at XXXXXX.XXX, id 0x1000002, message Trval? s??ov? chyby
p??choz?ho serveru
2018.09.15 23:27:57.542 +0200 KeepAliveService gNotificationManager.cancel
2018.09.15 23:27:57.550 +0200 KeepAliveService onDestroy
2018.09.15 23:27:57.613 +0200 [TASKS.2652] ***** ERROR: IOException caught in
processTask for [org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u =
content://org.kman.AquaMail.data/accounts/2, t = 86965199, a =
[org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX,
email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]]
javax.net.ssl.SSLHandshakeException: Connection closed by peer
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at
com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
at
com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
at
com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
at org.kman.AquaMail.net.h.a(SourceFile:301)
at org.kman.AquaMail.net.e.a(SourceFile:364)
at org.kman.AquaMail.mail.imap.ImapTask.a(SourceFile:57)
at org.kman.AquaMail.mail.imap.ImapTask_ConnectLogin.ac(SourceFile:106)
at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:123)
at org.kman.AquaMail.core.k.a(SourceFile:77)
at org.kman.AquaMail.core.l$b.run(SourceFile:621)
at java.lang.Thread.run(Thread.java:818)
Last data:
kman2 STARTTLS
Result for kman2: 0 Begin TLS negotiation now.
Thread: Thread[Executor_Network#0,5,main], id: 2652
2018.09.15 23:27:57.613 +0200 [NETWRK.2652] Aborting the connection
[content://org.kman.AquaMail.data/accounts/2/in, not conn]