Mailing List ecs-isp@2rosenthals.com Archived Message #681

Fra: "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Emne: No fallback from TLS 1.3 after recent Android update (AT&T)
Dato: Mon, 1 Apr 2024 11:30:49 -0400
Til: eCS-ISP <ecs-isp@2rosenthals.com>

Hi, all...

Apparently, AT&T pushed an update to Android devices a few days ago (still rolling out) which is wreaking havoc with TLS negotiations under Communigate Pro. The symptom displayed in the log is:

failed to accept a secure connection for '<domain name>'. Error Code=TLS record version is not 3.x

This implies to me that the device is trying to negotiate TLS 1.3 and CGP 5.4 (last version for OS/2) is only capable of 1.2. The Android device is not falling back, thus the handshake is failing. Disabling TLS on the device doesn't seem to help, either, as the mail client stubbornly jacks itself back up to "TLS (Accept all certificates)" and the problem repeats.

Has anyone else seen anything like this recently?

Perhaps a workaround would be to have the firewall negotiate the TLS and pass that back to CGP over something more understandable. I'd have to see how that would work.

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------


Abboner: Feed, Digest, Index.
Stopp abbonement
E-post til ListMaster