Newsroom Update

Apple is introducing a new Apple Watch Pride Edition Braided Solo Loop, matching watch face, and dynamic iOS and iPadOS wallpapers as a way to champion global movements to protect and advance equality for LGBTQ+ communities. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: N20061
N20061 Author
User level: Level 1
9 points

after updating my iphone to ios version 8.4 mail (imap-ssl) won't work

After updating my iphone to ios version 8.4 imap-ssl does't work with courier-imap-ssl.
http://www.intego.com/mac-security-blog/ios-8-4-update-fixes-text-message-bug-ip hone-restart/


The logfile on the Mail server tells me:
"Jul 04 01:36:19 [imapd-ssl] Unexpected SSL connection shutdown."


The message on the iphone is:
"Cannot get Mail

The Mail server abc.xyz.com is not responding. Verify that you have entered the correct account info in Mail settings."


The config /etc/courier-imap/imapd-ssl of courier-imap-ssl has not been changed

IMAPDSSLSTART=NO

IMAPDSTARTTLS=YES

IMAP_TLS_REQUIRED=1

COURIERTLS=/usr/sbin/couriertls

TLS_PROTOCOL=TLS1

TLS_STARTTLS_PROTOCOL=TLS1

TLS_CERTFILE=/etc/courier-imap/imapd.pem

TLS_TRUSTCERTS=/etc/ssl/certs

TLS_VERIFYPEER=NONE

TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache

TLS_CACHESIZE=524288


That behaviour is the same on the iphone of my daughter, after upgrading ios and rebooting the phone.


Sending email is still possible.


Removing the Mail account and recreate them on the phone won't work.


Mail app on the mac book and other windows clients with outlook are getting emails via imap-ssl.


Any idea? Thanks

iPhone 6 Plus, iOS 8.4, after updating to version 8.4

Posted on Jul 3, 2015 4:57 PM

Reply
Question marked as Best reply
User profile for user: AppleJoe
AppleJoe
User level: Community Manager

Posted on Jul 7, 2015 1:04 PM

Greetings N20061,


Welcome to the Apple Support Communities!


I understand that after updating to the latest iOS version, 8.4, you are unable to receive new email because of an SSL connection error. This could be happening because iOS 8.4 has increased security requirements for SSL.


To resolve the situation, the mail server administrator will need to increase the group size for Diffie-Hellman key exchange. Apple recommends a group size of 2048; this information can be found in the article attached below.


Use modern cryptographic practices when setting up SSL and TLS services on your server - Apple Support


The default minimum size allowed for DH ephemeral keys in iOS 8.4 was increased to 768 bits as well to combat an issue known as Logjam. This information can be located in the next attached article below.


About the security content of iOS 8.4 - Apple Support


coreTLS


Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later


Impact: An attacker with a privileged network position may intercept SSL/TLS connections


Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.


Best regards,

Joe

View in context
2 replies
Question marked as Best reply
User profile for user: AppleJoe
AppleJoe
User level: Community Manager

Jul 7, 2015 1:04 PM in response to N20061

Greetings N20061,


Welcome to the Apple Support Communities!


I understand that after updating to the latest iOS version, 8.4, you are unable to receive new email because of an SSL connection error. This could be happening because iOS 8.4 has increased security requirements for SSL.


To resolve the situation, the mail server administrator will need to increase the group size for Diffie-Hellman key exchange. Apple recommends a group size of 2048; this information can be found in the article attached below.


Use modern cryptographic practices when setting up SSL and TLS services on your server - Apple Support


The default minimum size allowed for DH ephemeral keys in iOS 8.4 was increased to 768 bits as well to combat an issue known as Logjam. This information can be located in the next attached article below.


About the security content of iOS 8.4 - Apple Support


coreTLS


Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later


Impact: An attacker with a privileged network position may intercept SSL/TLS connections


Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.


Best regards,

Joe

Reply

after updating my iphone to ios version 8.4 mail (imap-ssl) won't work

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up