Re: mail/claws-mail: IPv6 issues: SSL handshake error

Reply: A FreeBSD User : "Re: mail/claws-mail: IPv6 issues: SSL handshake error"
In reply to: A FreeBSD User : "mail/claws-mail: IPv6 issues: SSL handshake error"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ronald Klop <ronald_at_FreeBSD.org>
Date: Thu, 28 Aug 2025 16:49:41 UTC

Op 28-08-2025 om 17:16 schreef A FreeBSD User:
> Hello,
> 
> I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
> After switching to a working IPv6 environment I face serious connection problems with one of
> my providers, to which claws-mail prefereably connects via IPv6. Sending and receiving is done
> via  "Use TLS" on sending an receiving (the provider, goneo.de has a dedicated introduction
> configuring claws-mail I followed step by step).
> 
> On the firewall I observe that the provider in question is connected via IPv6, while other
> providers, University and others, are not, they are still with IPv4 and do not show any issues.
> 
> claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
> server is connected at the correct port and the initial handshake seems all right, but in 8
> out of 10 times the connection fails and does not get initialized due to a "TLS handshake
> error". Sending emails takes sometimes 10 attempts, but then of a sudden it works flawlessly!
> After running claws-mail for a couple of minutes a day, this problem seems to go away in a
> mysterious way, receiving/sending works like a charm as nothing has ever been broken before
> ...
> 
> I;m floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
> suspected this instance, but why should mail being blocked/corrupted while other connections
> via IPv6 work?
> 
> Maybe someone has some ideas what to check and where to look ...
> 
> Thanks in advance,
> oh
> 
> 


Hi,

Does it work with this provider if you force claws-mail to use ipv4?

Can you reproduce the issue easily? Is it possible to reproduce it with openssl?
Something like this. There are also options to choose specific TLS versions.
openssl s_client -starttls imap -connect <imap-server>:143 -6
openssl s_client -starttls smtp -connect <smtp-server>:25 -6

Can you tcpdump the traffic to a file and see in wireshark what is going on?

Regards,
Ronald.