Since the latest Android 14 update a few days ago K9 is broken.
When trying to connect to an IMAP or SMTP server, getting an SSL error:
"Read error: ssl=(number changes on each try): Failure in SSL library, usually a protocol error
error:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:714
0x7085a4ad53:0x00000000)
"
Other mail clients, such as Aqua Mail, are working fine on the same device.
You didn’t indicate what K-9 version you have.
I just picked up the August Android release on my Pixel device. Rebooted. K-9 is retrieving email from my dozen accounts.
I’ve got K-9 6.804.
I also have the latest version – 6.804
Tried to uninstall and re-install. Same SSL failure
Looking at the specified line in Google’s git repo for boringssl:
In TLS 1.2 and below, empty extensions blocks may be omitted. In TLS 1.3, ServerHellos always have extensions, so this can be applied generically.
Seems that either your server returns an invalid HELO (which boringssl ignored up until this update) or you have another problem on you device (sadly, the trace you posted omits some important parts).
Here if the full error message:
Read error: ssl=0xb40000725df4b8d8: Failure in SSL library, usually a protocol error
error:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:714
0x7085a4ad53:0x00000000)
same problem, one plus 9r
We likely need someting like OP_LEGACY_SERVER_CONNECT in OpenSSL, see Enable unsafe legacy SSL renegotiation by DurandA · Pull Request #6281 · mitmproxy/mitmproxy · GitHub
I had to switch from K9-Mail to FairMail (https://email.faircode.eu/) to be able to continue using a legacy mailserver until it’s migrated.
I got the same problem on the Androids that were online 2024-SEP-14, i.e.on Android 7.1.1, Android 13, Android 14. Google probably pushed out some update in BoringSSL during the night. So its is not a specific Android 14 problem. My Android 12 that was offline, did not get the problem.
On Android 7.1.1 the error went away the next night, after a K-9 Notification: “Certificate error. Check your server connection”, but it worked again with no further action. Setting is “Normal password”, but STILL using CRAM-MD5 as before.
When instead connecting latest K-9 to a legacy IMAPS server, on the now still failing Androids, all with CRAM-MD5 authentication you get the above UNSUPPORTED_PROTOCOL error.
If you try to connect latest K-9 to to an up-to-date IMAPS server you get an AUTHENTICATION FAILURE in K-9 and “password mismatch” in the IMAPS server log.
GMail now also has the same problem to up-to-date IMAPS server, but the server says: TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
FairEmail works both to the same legacy and to the up-to-date IMAPS servers with CRAM-MD5 authentication. But it uses its own Java SSL/TLS openssl library and not Google openssl fork BoringSSL …