From: "Lewis G Rosenthal" Received: from [50.73.8.217] (account lgrosenthal@2rosenthals.com HELO [192.168.200.32]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 9406394 for ecs-isp@2rosenthals.com; Mon, 01 Apr 2024 11:30:51 -0400 To: eCS-ISP Subject: No fallback from TLS 1.3 after recent Android update (AT&T) Organization: Rosenthal & Rosenthal, LLC Message-ID: <660AD329.4060400@2rosenthals.com> Date: Mon, 1 Apr 2024 11:30:49 -0400 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, all... Apparently, AT&T pushed an update to Android devices a few days ago (still rolling out) which is wreaking havoc with TLS negotiations under Communigate Pro. The symptom displayed in the log is: failed to accept a secure connection for ''. Error Code=TLS record version is not 3.x This implies to me that the device is trying to negotiate TLS 1.3 and CGP 5.4 (last version for OS/2) is only capable of 1.2. The Android device is not falling back, thus the handshake is failing. Disabling TLS on the device doesn't seem to help, either, as the mail client stubbornly jacks itself back up to "TLS (Accept all certificates)" and the problem repeats. Has anyone else seen anything like this recently? Perhaps a workaround would be to have the firewall negotiate the TLS and pass that back to CGP over something more understandable. I'd have to see how that would work. -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------