SMTP with SSL completely broken after iOS 8.4 update

I had this too (1 iPhone and iPad). Workaround: switch off the Handoff feature did the trick for me.

I have the same issue, but turning off the Handoff feature did not solve the problem

after the same problem I switched off "use SSL" in SMTP settings and now email sends fine In my case

I'm having this problem as well. iOS 8.4 devices hanging on SSL over SMTP 465 or 587.

Many people are reporting this issue, yet not solutions posted online. If you solve the issue (client or server–side) please post here.

Thanks!

This from our email provider (Easyspace) has resolved the issue for our team:

Auto detect account settings: off

Outgoing server: smtp.iomartmail.com (this is the easyspace smtp server so you should insert your own)

Outgoing server port: 587

SSL: Off (up until this point iOS 8.4 we always had to have SSL "ON")

Authentication: Password

Allow insecure authentication: on (this isn't an option so we have used password and the same settings as email)

Username: Full email address (this again is how easyspace run usernames so yours might be different)

Password: *********

Kind regards

Martin

In other words, turn off SSL? This defeats the purpose of SSL.

If this is the only solution (and I've seen it advised elsewhere too), then the only conclusion is that iOS 8.4 is causing thousands of users to revert to insecure mail transport which is a major security flaw with the new iOS.

Yep, a workaround

The choice is "do you want your email to work or not before a proper fix comes along?"

Got a way to go to be more unstable or less secure than a pc though !

:-)

Of course I want my email to work, and I have advised my clients of their options and of the risks. But the fact remains that, if indeed Apple has caused many users to turn off their SSL, even temporarily, they have made the users' information vulnerable and it is therefore a major security flaw. Not to mention, due to the widespread nature of this problem, it's not exactly going to be a secret from those who wish to exploit it.

Eventually, after speaking with two Apple support reps, the issue was elevated to engineering. Hopefully I'll have good news for us all "in the next 2 business days".

Hello,

Tengo el mismo problema corro un servidor sendmail y uso el puerto 465 con SSL , desde la actualizacion con la version ios 8.4 no se envían los correos y termina con tiempo de servidor agotado.

He leido por ahi que desactivemos el SSL el SERVER SMTP , pero vulnera mi seguridad .

I tried to turn SSL "OFF" , but then my email account started "Verifying"... stuck endlessly.

Catch 22??? The "Verifying" tried to send an email which it can't?
@Mjbowdler,: How did you turn SSL off?

JimS

You need to check with your pop email provider as the settings available to you - whether your email will function with SSL off and what other settings need to be selected to allow this (assuming your provider will allow). Our provider (Easyspace) allows the functionality but others may restrict because of the security risk that NuclearMedia has highlighted.

We're all in workaround mode awaiting a proper fix.

Is there any official position from Apple regarding this issue? When will be released the next update?

My dozens of users are unable to send email trough their iPhones/iPads.

Thanks..

Apple provided this update: Use modern cryptographic practices when setting up SSL and TLS services on your server - Apple Support

"To ensure security and privacy for your users, and interoperability with Apple products, server administrators should use a group size of 2048 bits or greater when using Diffie-Hellman key exchange. ...devices no longer connect to servers or webpages that are set up using weaker Diffie-Hellman encryption"

If only someone had just shut out IE lt 9 this swiftly.

Any admins with users experiencing this issue need to verify they've properly generated the initial STARTTLS config to an acceptable level.

Sendmail and other mail programs have a default export compliant 512 key which you must generate to 2048 or high to resolve.

More info: https://weakdh.org/sysadmin.html

Easier said than done. I've attempted to follow the instructions from weakdh.org on our authenticated sendmail SMTP relay, total failure. Nothing seems to help with the Apple devices, although following the instructions from weakdh.org restored SMTP for recent Thunderbird and Android clients.

On the off chance that my failure may have been caused by the age of the OS and sendmail that we have been using for years, I threw up a brand new VM (CentOS-7) and tried to configure it using either sendmail or postfix with a new 2048-bit DH key. No luck there either.

So if any sendmail/postfix admins have a clue how to deal with this, please share!