At work I recently have been irritated by a problem that was exposed with Apple's mail app, both on IOS and Yosemite. Among other things, I maintain an imap server (using dovecot ) for our office email.

First some background

Dovecot makes it easy to enable TLS, and disallow unencrypted logins. It actually uses openssl under the hood, so whatever cyphers your version of ssl supports are the set dovecot will support. By default, dovecot has TLSv1.0, TLSv1.1, and TLSv1.2 enabled by default. In the web-browser world, for about the last year, there have been known crypto-attacks against TLSv1.0 and some concern about TLSv1.1. Recommendations for server operators have been to completely disable TLSv1.0. For instance, Qualys has an awesome free ssltest that gives poor grades to 1.0 deployments.

More importantly, for my installation, the "Payment Card Industry" security standard - aka PCI - now strongly discourage the use of what they call "SSL/early TLS". See page 47 of this pdf. When you dig in to what this means, you find that SSLv2 and SSLv3 (which predate TLS) and TLSv1.0 are specifically what they are talkign about. These crypto standards are all pre-Y2K, and have been replaced by newer, better, more secure protocols. Technically my email system is completely isolated from my payment-related systems, and thus might get a pass during any PCI scan/audit. But, to save the hassle, and argument about "compensating controls" from 3rd party vendors who help validate our compliance, I recently disabled TLSv1.0 on dovecot.

In dovecot this is easy. In /etc/dovecot.conf.d/10-ssl.conf you add !TLSv1 to your ssl_protocols. Currently mine looks like this:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1

Now the Real Problem

As soon as I did this every iphone in the company, and every mac user using the mail app on Yosemite all were unable to get their email. The IOS app gives a vauge error about not being able to "connect to the server" and the desktop app gives a 'timeout' error, and the mail connection doctor shows the connection appear to hang during setup.

It turns out that mail.app can only speak TLSv1.0. There is no support for 1.1 or 1.2. TLSv1.0 was first defined as a spec in 1999, 1.1 in 2006 and 1.2 in 2008. 8 years ago. Isn't it time for an update? I've found a few people complaining about this in Apple's support forums, but only recently has 1.0 been deprecated. I expect more people will feel the pain as time progresses.

To be fair to Apple, my 2 year old HTC One M7's mail app has the same issue - I'm told that versions 4.5 and later have TLSv1.2 support.

Testing Notes

While for https there are a few great free tools out there, for other tls-enabled protocols, it is much less fun. Openssl has a nice command line tool you can use for such things. Note that the version on Yosemite is old. Thus you'll need to make sure and test from a more recent version. I used the a linux server on the same network segment as my mail server.

Here is how I tested:

To make a simple connection test:

openssl s_client -connect servername:143 -startls imap

This will connect to "servername" on port 143 and initiate the imap version of starttls. You should get a response back that gives details of the cert and any certificate chain, a copy of the server certificate, some debugging info and a block that might look something like this: