Feature #8305

Evaluate shipping Claws Mail 3.11.1+

Added by emmapeel 2014-11-26 08:32:49 . Updated 2015-05-04 04:38:12 .

Status:
Rejected
Priority:
Normal
Assignee:
emmapeel
Category:
Target version:
Start date:
2014-11-26
Due date:
% Done:

0%

Feature Branch:
Type of work:
Debian
Blueprint:

Starter:
Affected tool:
Email Client
Deliverable for:

Description

According to Claws mail developers, ‘If you want to be fully in control and exact in your requirements’ there is a big difference between Claws mail 3.11.1 and 3.8 which is shipped with Tails. With the newer version, I could configure TLS like

gnutls_set_priority=1
gnutls_priority=NONE:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2

See the thread at http://lists.claws-mail.org/pipermail/users/2014-November/011593.html

Claws mail 3.11.1 is on Debian testing. https://packages.debian.org/jessie/claws-mail

Apparently the improvements on the security aspects are big, though I have no idea of other problems that might arise


Subtasks


Related issues

Related to Tails - Feature #8301: Document how to configure a Riseup account in Claws Resolved 2014-11-24
Related to Tails - Feature #9302: Consider shipping claws-mail 3.10.1-2~bpo70+1 Rejected 2015-04-30

History

#1 Updated by emmapeel 2014-11-26 08:41:53

  • related to Feature #8301: Document how to configure a Riseup account in Claws added

#2 Updated by intrigeri 2014-11-26 09:13:07

  • Subject changed from It would be good to have Claws mail 3.11.1 from testing in Tails to Evaluate shipping Claws Mail 3.11.1
  • Assignee set to emmapeel

I see 3.10.1-2~bpo70+1 is in wheezy-backports. Has it the features you would like to see?

#3 Updated by emmapeel 2014-11-26 09:19:27

No, is possible from 3.11.1 only:

Actually, Ricardo Mones has just gave me the pointer on the thread:

one of the bugfixes of 3.11.1 is¹:

“Use ‘gnutls_priority’ hidden account preference for POP3 and STARTTLS
connections, in addition to SMTP.”

That was not possible with previous versions

¹ http://sourceforge.net/p/claws-mail/news/2014/10/claws-mail-3111-unleashed/

#4 Updated by emmapeel 2014-11-26 09:20:16

  • Assignee changed from emmapeel to intrigeri

#5 Updated by BitingBird 2014-11-27 07:14:47

  • QA Check deleted (Info Needed)

#6 Updated by intrigeri 2014-11-28 18:13:13

  • Assignee changed from intrigeri to emmapeel
  • QA Check set to Info Needed

Does Claws Mail 3.11.1 run on Debian testing/sid work fine with pop3s on riseup? https://bugs.debian.org/767963 says it does, but I’d like to see someone test it first-hand. If someone confirms it does, then I can do the same test with a backported Claws Mail 3.11.1 on Wheezy.

#7 Updated by sajolida 2014-11-30 01:45:15

  • Type of work changed from Discuss to Test

So this should be a Test ticket then.

#8 Updated by BitingBird 2015-04-10 17:54:01

emmapeel, are you up to test this? If not, please de-assign yourself.

#9 Updated by emmapeel 2015-04-18 09:11:38

  • Assignee changed from emmapeel to intrigeri
  • QA Check changed from Info Needed to Dev Needed

I could connect to riseup.net with Claws Mail 3.11.1 in Debian Jessie.

I have tried the setup suggested at https://help.riseup.net/en/email/clients/claws

Also without StarTLS, just SSL.

I also added to ~/.claws-mail/accountrc the lines

gnutls_set_priority=1
gnutls_priority=NONE:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2

It works in Debian Jessie with pop3.

#10 Updated by intrigeri 2015-04-19 14:17:26

  • Subject changed from Evaluate shipping Claws Mail 3.11.1 to Evaluate shipping Claws Mail 3.11.1+
  • Assignee deleted (intrigeri)
  • QA Check deleted (Dev Needed)
  • Type of work changed from Test to Debian

Thanks for testing!

Next step is to try and backport Claws Mails from Jessie to Wheezy, and see if this fixes connections to Riseup pop3s (TLS, not StartTLS). It made sense for me to spend time on that 5 months ago, when the breakage was introduced, but now 1. Tails/Jessie is getting closer; 2. the move to Icedove is getting closer; and 3. Tails + Riseup + POP3 users have adjusted their config somehow or given up alroady => I personally won’t be working on this.

#11 Updated by intrigeri 2015-04-30 07:48:16

  • related to Feature #9302: Consider shipping claws-mail 3.10.1-2~bpo70+1 added

#12 Updated by sajolida 2015-05-03 06:39:12

  • Assignee set to emmapeel
  • QA Check set to Info Needed

I tested configuring a Riseup account many many times with Claws 3.8.1 (as of Tails) and Claws 3.10.1 and both work fine as documented by Riseup.

Except for the warning message, probably coming from Tor, described on Bug #9327. I think this is a serious UX issue and I’ve seen users very confused by this, but it doesn’t prevent you to connect and doesn’t come from Claws (I think).

So I fail to understand what 3.11.1 brings in and this ticket doesn’t make it clear what it is trying to solve.

Maybe Riseup created a transient problem on their servers by changing the cipher suite or something, and then realized that being compatible with Claws Mail in Tails was important for their users.

emmapeel: can you clarify which problem you are trying to solve with this proposal?

#13 Updated by intrigeri 2015-05-04 04:38:12

  • Status changed from Confirmed to Rejected

During the monthly meeting we decided to reject this ticket. Feel free to reopen with the requested info if you still feel we should do it. Note that the certificate chain topic discussed on Feature #9302 applies here too.