Since the latest Android 14 update a few days ago K9 is broken.
When trying to connect to an IMAP or SMTP server, getting an SSL error:
"Read error: ssl=(number changes on each try): Failure in SSL library, usually a protocol error
error:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:714
0x7085a4ad53:0x00000000)
"
Other mail clients, such as Aqua Mail, are working fine on the same device.
You didn’t indicate what K-9 version you have.
I just picked up the August Android release on my Pixel device. Rebooted. K-9 is retrieving email from my dozen accounts.
I’ve got K-9 6.804.
I also have the latest version – 6.804
Tried to uninstall and re-install. Same SSL failure
Looking at the specified line in Google’s git repo for boringssl:
In TLS 1.2 and below, empty extensions blocks may be omitted. In TLS 1.3, ServerHellos always have extensions, so this can be applied generically.
Seems that either your server returns an invalid HELO (which boringssl ignored up until this update) or you have another problem on you device (sadly, the trace you posted omits some important parts).
Here if the full error message:
Read error: ssl=0xb40000725df4b8d8: Failure in SSL library, usually a protocol error
error:100000f0:SSL
routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:714
0x7085a4ad53:0x00000000)
same problem, one plus 9r
We likely need someting like OP_LEGACY_SERVER_CONNECT in OpenSSL, see Enable unsafe legacy SSL renegotiation by DurandA · Pull Request #6281 · mitmproxy/mitmproxy · GitHub
I had to switch from K9-Mail to FairMail (https://email.faircode.eu/) to be able to continue using a legacy mailserver until it’s migrated.
I got the same problem on the Androids that were online 2024-SEP-14, i.e.on Android 7.1.1, Android 13, Android 14. Google probably pushed out some update in BoringSSL during the night. So its is not a specific Android 14 problem. My Android 12 that was offline, did not get the problem.
On Android 7.1.1 the error went away the next night, after a K-9 Notification: “Certificate error. Check your server connection”, but it worked again with no further action. Setting is “Normal password”, but STILL using CRAM-MD5 as before.
When instead connecting latest K-9 to a legacy IMAPS server, on the now still failing Androids, all with CRAM-MD5 authentication you get the above UNSUPPORTED_PROTOCOL error.
If you try to connect latest K-9 to to an up-to-date IMAPS server you get an AUTHENTICATION FAILURE in K-9 and “password mismatch” in the IMAPS server log.
GMail now also has the same problem to up-to-date IMAPS server, but the server says: TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
FairEmail works both to the same legacy and to the up-to-date IMAPS servers with CRAM-MD5 authentication. But it uses its own Java SSL/TLS openssl library and not Google openssl fork BoringSSL …
Two days ago, after an update of K-9 Mail to version 6.804 (on a Fairphone 4 5G with Android 13) I got the same problems: No incoming mails.
Testing the configuration of the incoming server (with StartTLS on port 143 or SSL/TLS on port 993, plain password, no client certificate) I get:
Read error: ssl=[something in hex] Failure in SSL library, usually a protocol error
error:100000f0:SSL routines:OPENSSL_internal: UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/ handshake_client.cc:714 0x75464c8d53:0x00000000)
Can I do anything about that?
Postscript: It’s working now, and I do not know why. Possibly some temporary problem at the mail server.
Started having this same issue recently. It probably started mid September with the latest Google update for Pixel 7 pro.
I have a legacy imap server as well. And k9 version 6.804
On my Samsung tablet it works fine. Same version of k9 and android 14. I suspect difference in the ssl library
Enabled debug logging on my IMAP server and here’s what it’s throwing for K-9 on my Pixel when trying to just test a connection to it:
dovecot: Oct 10 09:41:24 Info: auth(default): new auth connection: pid=854
dovecot: Oct 10 09:41:26 Warning: imap-login: SSL_accept() failed: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version [::ffff:136.x.x.x]
dovecot: Oct 10 09:41:26 Info: imap-login: Disconnected: rip=::ffff:136.x.x.x, lip=::ffff:207.x.x.x, TLS handshake
As the error on my phone says “UNSUPPORTED_PROTOCOL” I presume that’s removal of TLSv1 from boringssl or something.
When using same version of K-9 on Android 14 on my Samsung Tablet it works fine:
dovecot: Oct 10 09:48:08 Info: auth(default): new auth connection: pid=978
dovecot: Oct 10 09:48:08 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=::ffff:207.x.x.x rip=::ffff:136.x.x.x
dovecot: Oct 10 09:48:08 Info: auth(default): client out: CONT 1
dovecot: Oct 10 09:48:08 Info: auth(default): client in: CONT 1 [redacted]
dovecot: Oct 10 09:48:08 Info: auth(default): pam([me],::ffff:136.x.x.x): lookup service=dovecot
dovecot: Oct 10 09:48:08 Info: auth(default): client out: OK 1 user=[me]
dovecot: Oct 10 09:48:08 Info: auth(default): master in: REQUEST 3 977 1
dovecot: Oct 10 09:48:08 Info: auth(default): passwd([me],::ffff:136.x.x.x): lookup
dovecot: Oct 10 09:48:08 Info: auth(default): master out: USER 3 [me] system_user=[me] uid=500 gid=500 home=/home/[me]
dovecot: Oct 10 09:48:08 Info: imap-login: Login: user=<[me]>, method=PLAIN, rip=::ffff:136.x.x.x, lip=::ffff:207.x.x.x, TLS
dovecot: Oct 10 09:48:08 Info: IMAP([me]): Effective uid=500, gid=500, home=/home/[me]
dovecot: Oct 10 09:48:08 Info: IMAP([me]): maildir: access(/home/[me]/Maildir, rwx): failed: No such file or directory
dovecot: Oct 10 09:48:08 Info: IMAP([me]): maildir: couldn't find root dir
dovecot: Oct 10 09:48:08 Info: IMAP([me]): mbox: root exists (/home/[me]/mail)
dovecot: Oct 10 09:48:08 Info: IMAP([me]): mbox: INBOX exists (/var/mail/[me])
dovecot: Oct 10 09:48:08 Info: IMAP([me]): mbox: root=/home/[me]/mail, index=/home/[me]/mail, inbox=/var/mail/[me]
dovecot: Oct 10 09:48:08 Info: IMAP([me]): Connection closed
Same problem for me with my local email provider, lewiscounty.com. I just have different numbers after the “714” … 0x6cca508d53:0x00000000
I can receive emails just fine, but cannot send. I can, however, send from my gmail accounts through K9.
Samsung S22 with current updates.
Connecting with OpenSSL shows the following error:
4017A60C5A7C0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2086:
Please contact your email provider and ask them to update their servers. For a more technical explanation you can point them here and here.