Q: After updating my iPhone to iOS version 8.4, Mail (IMAP-SSL) won't work
The logfile on the Mail server tells me:
"Jul 04 01:36:19 [imapd-ssl] Unexpected SSL connection shutdown."
The message on the iPhone is:
"Cannot get Mail
The Mail server abc.xyz.com is not responding. Verify that you have entered the correct account info in Mail settings."
The config /etc/courier-imap/imapd-ssl of courier-imap-ssl has not been changed:
IMAPDSSLSTART=NO
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=1
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=TLS1
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier-imap/imapd.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
That behaviour is the same on my daughter's iPhone, after upgrading iOS and rebooting the phone.
Sending email is still possible.
Removing the Mail account and recreating it on the phone doesn't work.
The Mail app on the MacBook and other Windows clients with Outlook are getting emails via IMAP-SSL.
Any idea? Thanks
iPhone 6 Plus, iOS 8.4, after updating to version 8.4
Posted on Jul 3, 2015 4:57 PM
Community Specialists
Greetings N20061,
Welcome to the Apple Support Communities!
I understand that after updating to the latest iOS version, 8.4, you are unable to receive new email because of an SSL connection error. This could be happening because iOS 8.4 has increased security requirements for SSL.
To resolve the situation, the mail server administrator will need to increase the group size for Diffie-Hellman key exchange. Apple recommends a group size of 2048; this information can be found in the article attached below.
The default minimum size allowed for DH ephemeral keys in iOS 8.4 was increased to 768 bits as well to combat an issue known as Logjam. This information can be located in the next attached article below.
About the security content of iOS 8.4 - Apple Support
coreTLS
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
Best regards,
Joe
Posted on Jul 7, 2015 1:04 PM