Feature #8305
Evaluate shipping Claws Mail 3.11.1+
0%
Description
According to Claws mail developers, ‘If you want to be fully in control and exact in your requirements’ there is a big difference between Claws mail 3.11.1 and 3.8 which is shipped with Tails. With the newer version, I could configure TLS like
gnutls_set_priority=1
gnutls_priority=NONE:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2
See the thread at http://lists.claws-mail.org/pipermail/users/2014-November/011593.html
Claws mail 3.11.1 is on Debian testing. https://packages.debian.org/jessie/claws-mail
Apparently the improvements on the security aspects are big, though I have no idea of other problems that might arise
Subtasks
Related issues
Related to Tails - |
Resolved | 2014-11-24 | |
Related to Tails - |
Rejected | 2015-04-30 |
History
#1 Updated by emmapeel 2014-11-26 08:41:53
- related to
Feature #8301: Document how to configure a Riseup account in Claws added
#2 Updated by intrigeri 2014-11-26 09:13:07
- Subject changed from It would be good to have Claws mail 3.11.1 from testing in Tails to Evaluate shipping Claws Mail 3.11.1
- Assignee set to emmapeel
I see 3.10.1-2~bpo70+1 is in wheezy-backports. Has it the features you would like to see?
#3 Updated by emmapeel 2014-11-26 09:19:27
No, is possible from 3.11.1 only:
Actually, Ricardo Mones has just gave me the pointer on the thread:
one of the bugfixes of 3.11.1 is¹:
“Use ‘gnutls_priority’ hidden account preference for POP3 and STARTTLS
connections, in addition to SMTP.”
That was not possible with previous versions
¹ http://sourceforge.net/p/claws-mail/news/2014/10/claws-mail-3111-unleashed/
#4 Updated by emmapeel 2014-11-26 09:20:16
- Assignee changed from emmapeel to intrigeri
#5 Updated by BitingBird 2014-11-27 07:14:47
- QA Check deleted (
Info Needed)
#6 Updated by intrigeri 2014-11-28 18:13:13
- Assignee changed from intrigeri to emmapeel
- QA Check set to Info Needed
Does Claws Mail 3.11.1 run on Debian testing/sid work fine with pop3s on riseup? https://bugs.debian.org/767963 says it does, but I’d like to see someone test it first-hand. If someone confirms it does, then I can do the same test with a backported Claws Mail 3.11.1 on Wheezy.
#7 Updated by sajolida 2014-11-30 01:45:15
- Type of work changed from Discuss to Test
So this should be a Test ticket then.
#8 Updated by BitingBird 2015-04-10 17:54:01
emmapeel, are you up to test this? If not, please de-assign yourself.
#9 Updated by emmapeel 2015-04-18 09:11:38
- Assignee changed from emmapeel to intrigeri
- QA Check changed from Info Needed to Dev Needed
I could connect to riseup.net with Claws Mail 3.11.1 in Debian Jessie.
I have tried the setup suggested at https://help.riseup.net/en/email/clients/claws
Also without StarTLS, just SSL.
I also added to ~/.claws-mail/accountrc the lines
gnutls_set_priority=1
gnutls_priority=NONE:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2
It works in Debian Jessie with pop3.
#10 Updated by intrigeri 2015-04-19 14:17:26
- Subject changed from Evaluate shipping Claws Mail 3.11.1 to Evaluate shipping Claws Mail 3.11.1+
- Assignee deleted (
intrigeri) - QA Check deleted (
Dev Needed) - Type of work changed from Test to Debian
Thanks for testing!
Next step is to try and backport Claws Mails from Jessie to Wheezy, and see if this fixes connections to Riseup pop3s (TLS, not StartTLS). It made sense for me to spend time on that 5 months ago, when the breakage was introduced, but now 1. Tails/Jessie is getting closer; 2. the move to Icedove is getting closer; and 3. Tails + Riseup + POP3 users have adjusted their config somehow or given up alroady => I personally won’t be working on this.
#11 Updated by intrigeri 2015-04-30 07:48:16
- related to
Feature #9302: Consider shipping claws-mail 3.10.1-2~bpo70+1 added
#12 Updated by sajolida 2015-05-03 06:39:12
- Assignee set to emmapeel
- QA Check set to Info Needed
I tested configuring a Riseup account many many times with Claws 3.8.1 (as of Tails) and Claws 3.10.1 and both work fine as documented by Riseup.
Except for the warning message, probably coming from Tor, described on Bug #9327. I think this is a serious UX issue and I’ve seen users very confused by this, but it doesn’t prevent you to connect and doesn’t come from Claws (I think).
So I fail to understand what 3.11.1 brings in and this ticket doesn’t make it clear what it is trying to solve.
Maybe Riseup created a transient problem on their servers by changing the cipher suite or something, and then realized that being compatible with Claws Mail in Tails was important for their users.
emmapeel: can you clarify which problem you are trying to solve with this proposal?
#13 Updated by intrigeri 2015-05-04 04:38:12
- Status changed from Confirmed to Rejected
During the monthly meeting we decided to reject this ticket. Feel free to reopen with the requested info if you still feel we should do it. Note that the certificate chain topic discussed on Feature #9302 applies here too.