IMAP4_SSL and OpenSSL compatibility

W

W. Martin Borgert

Hi,

after an upgrade from Debian squeeze to Debian wheezy, I could
not connect to a Microsoft Exchange Server 2003 anymore, because
the OpenSSL library, Python is linked with, changed from version
0.9.8o to 1.0.1e, which has different defaults. The code is:

With the new OpenSSL version, the following exception is raised:

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/imaplib.py", line 1148, in __init__
IMAP4.__init__(self, host, port)
File "/usr/lib/python2.7/imaplib.py", line 192, in __init__
typ, dat = self.capability()
File "/usr/lib/python2.7/imaplib.py", line 361, in capability
typ, dat = self._simple_command(name)
File "/usr/lib/python2.7/imaplib.py", line 1070, in _simple_command
return self._command_complete(name, self._command(name, *args))
File "/usr/lib/python2.7/imaplib.py", line 897, in _command_complete
typ, data = self._get_tagged_response(tag)
File "/usr/lib/python2.7/imaplib.py", line 999, in _get_tagged_response
self._get_response()
File "/usr/lib/python2.7/imaplib.py", line 916, in _get_response
resp = self._get_line()
File "/usr/lib/python2.7/imaplib.py", line 1009, in _get_line
line = self.readline()
File "/usr/lib/python2.7/imaplib.py", line 1171, in readline
return self.file.readline()
File "/usr/lib/python2.7/socket.py", line 447, in readline
data = self._sock.recv(self._rbufsize)
File "/usr/lib/python2.7/ssl.py", line 241, in recv
return self.read(buflen)
File "/usr/lib/python2.7/ssl.py", line 160, in read
return self._sslobj.read(len)
ssl.SSLError: [Errno 1] _ssl.c:1359: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

The problem seems to be, that IMAP4_SSL does not specify the SSL
version, so the default is used (ssl.PROTOCOL_SSLv23?). The
Python documentation states, that for clients the best option in
terms of compatilibity is ssl.PROTOCOL_SSLv3.

When I add an ssl_version argument to the call to
ssl.wrap_socket() in imaplib.IMAP4_SSL.open(), I can connect to
the Exchange server without problems:

self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
ssl_version = ssl.PROTOCOL_SSLv3)

Would it make sense, to make this change in the Python standard
library?

Thanks in advance!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,982
Messages
2,570,189
Members
46,736
Latest member
zacharyharris

Latest Threads

Top