@Cass
Quote:
Cass wrote:
A strange issue that I`ve noticed the other day : I tried to send a mail with YAM but it failed to do so, popping up a "failed TLSv1/SSLv3 initiation process to node smtp.mail.yahoo.com" message.
I have a yahoo account (as mentioned above), YAM 2.9p1 (18/04/2014) and nothing changed to system or settings, since the last successful try on 20/6/2015.
Any ideas?
Looking at this topic I quickly became confused by the different version numberings of AmiSSL, OpenSSL, SSL and TLS.
What I understsood so far is:
- AmiSSL is a shared library package port of OpenSSL version 0.9.4 (August
9th,1999):
AmiSSL info- Latest AmiSSL version is AmiSSL v3.6, downloadable from here:
AmiSSL v3.6- Latest OpenSSL version mentioned in the AmiSSL v3.6 docs is OpenSSL v0.9.7h
-
AmiSSL v3.7 mentioned here - but with label "10 years ago" (???)
This could mean it will be based on OpenSSL v0.9.8 of July 5th, 2005 - but this is just my guess.
- OpenSSL version 1.0.2, Suite B, has support for TLS 1.2 and DTLS 1.2
- actual OpenSSL version 1.0.2d of July 9th, 2015
- OpenSSL version 1.1.0 is expected to release on April 28th 2016
- As of 2014 the 3.0 version of SSL (dating back to 1996) is considered insecure as it is vulnerable to the POODLE attack that affects all block ciphers in SSL; and RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.
- TLS 1.0 (SSL v3.1) was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0.
- TLS 1.1 was defined in RFC 4346 in April 2006.
- TLS 1.2 was defined in RFC 5246 in August 2008.
- As of October 2015, TLS 1.3 is a working draft, and details are provisional and incomplete. It is based on the earlier TLS 1.2 specification.
So I assume the latest AmiSSL v3.6 is based on OpenSSL v0.9.7g of 2005. This is the version that does not work with YAM 2.9p1, e.g. accessing securepop and securesmtp servers always results in error messages.
So what we would urgently need for our classic AmigaOS 3.x systems is something based on at least TLS 1.2 / OpenSSL v1.0.2d .
As far as I found out on the web today (23-Nov-2015), AmiSSL v.3.7 has only been mentioned so far and would best be based on OpenSSL v0.9.8 of July 5th, 2005.
News feed
OS4 Feedback forum
OS4Depot Feedback forum
Amigabounty forum
OpenAmiga forum
AmiCygnix forum
ABC shell forum
AmiKit forum
Cinnamon Writer forum
CodeBench forum
Digital Universe forum
Dopus 5 forum
E-UAE forum
Gnash forum
Ibrowse forum
JAmiga forum
Odyssey forum
OWB forum
Qt forum
SmartFileSystem forum
Timberwolf forum
TouchDevice forum
TuneNet forum
Unsatisfactory Software forum
Donate
