
Thread: TIdIMAP4 freezes my program



Asger Joergensen

Posts: 370
Registered: 11/18/08
TIdIMAP4 freezes my program
  Posted: May 11, 2017 5:01 AM
Hi

I just noticed that if I use this combination of settings

IdIMAP4->Port = 993;
IdIMAP4->UseTLS = utNoTLSSupport;

and then call:

IdIMAP4->Connect( true );

My program freezes forever with no errors of any kind.

I know the setting is wrong and if I use utUseImplicitTLS everything
works well. I have tried other combinations and they give me a timeout
or an error from the server, but I am wondering if that combination is
the only combination that can make my program freeze?
And what can I do to handle it more gracefully?

p.s. the same is happening with TIdPOP3 using port 995 and no TLS

Thanks in advance
Asger
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: TIdIMAP4 freezes my program
  Posted: May 11, 2017 12:12 PM   in response to: Asger Joergensen
Asger wrote:

> I just noticed that if I use this combination of settings
>
> IdIMAP4->Port = 993;
> IdIMAP4->UseTLS = utNoTLSSupport;
>
> and then call:
>
> IdIMAP4->Connect( true );
>
> My program freezes forever with no errors of any kind.

That is because port 993 is expecting your client to send an SSL/TLS handshake
immediately upon establishing the socket connection, but utNoTLSSupport disables
that procedure. Thus, Connect() becomes blocked waiting for an IMAP greeting
that the server never sends.

> I know the setting is wrong and if I use utUseImplicitTLS everything
> works well.

Correct, you must use utUseImplicitTLS on port 993.

> I have tried other combinations and they give me a timeout
> or an error from the server, but I am wondering if that combination
> is the only combination that can make my program freeze?

No.

Setting UseTLS to any value other than utUseImplicitTLS on port 993 should
cause a freeze, since all other values will bypass the initial SSL/TLS handshake
upon establishing the socket connection, allowing Connect() to try reading
the server's greeting, which will not be sent until after a successful handshake
is complete first.

Setting UseTLS to utUseImplicitTLS on any non-SSL port will also cause problems,
because the Connect() will send an immediate SSL/TLS handshake that the server
is not expecting. This will not cause a freeze, but more likely will raise
an SSL error, or a socket disconnect error. Setting UseTLS to any other
value than utNoTLSSupport is safe, as they are "explicit" values, and will
cause TIdIMAP4 to check if the server actually supports SSL/TLS before initiating
a handshake.

> And what can I do to handle it more gracefully?

The only thing you can do is set the ReadTimeout property, and let Connect()
fail with a read timeout error when the server's greeting does not arrive.

> p.s. the same is happening with TIdPOP3 using port 995 and no TLS

Because it is the same issue. POP3 also has an initial greeting that Connect()
reads. If the server expects an SSL/TLS handshake and you don't send one,
or you send a handshake when none is expected, bad things happen.

--
Remy Lebeau (TeamB)
Asger Joergensen

Posts: 370
Registered: 11/18/08
Re: TIdIMAP4 freezes my program
  Posted: May 11, 2017 5:29 PM   in response to: Remy Lebeau (Te...
Hi Remy

Thank you very much for explaining.

Remy Lebeau (TeamB) wrote:

> Setting UseTLS to any value other than utUseImplicitTLS on port 993 should
> cause a freeze, since all other values will bypass the initial SSL/TLS handshake
> upon establishing the socket connection, allowing Connect() to try reading
> the server's greeting, which will not be sent until after a successful handshake
> is complete first.

On the server I use, one.com, all seem to work on IMAP port 993 except for utNoTLSSupport;
I can fetch the mailboxes with both utUseRequireTLS and utUseExplicitTLS.

> The only thing you can do is set the ReadTimeout property, and let Connect()
> fail with a read timeout error when the server's greeting does not arrive.

ReadTimeout = 10000; is that a good value?
Should ReadTimeout be set in IdIMAP4 or in the IdSSLIOHandlerSocketOpenSSL?

What about the TLS version? It defaults to sslvTLSv1; aren't most servers capable of
sslvTLSv1_2 now? (my provider is)

P.s. I just found this, which confuses me a bit, explicit vs implicit:
1. By Port (a.k.a. explicit): Connecting to a specific port means that a secure
connection should be used. For example, port 443 for https (secure web), 993
for secure IMAP, 995 for secure POP, etc. These ports are setup on the server
ready to negotiate a secure connection first, and do whatever else you want
second.
2. By Protocol (a.k.a. implicit): These connections first begin with an insecure
“hello” to the server and only then switch to secured communications after the
handshake between the client and the server is successful. If this handshake
fails for any reason, the connection is severed. A good example of this is
the command “STARTTLS” used in outbound email (SMTP) connections.

on this site: https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html

Thanks again
Best regards
Asger
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: TIdIMAP4 freezes my program
  Posted: May 12, 2017 11:43 AM   in response to: Asger Joergensen
Asger wrote:

> On the server I use, one.com, all seem to work on IMAP port 993
> except for utNoTLSSupport; I can fetch the mailboxes with both
> utUseRequireTLS and utUseExplicitTLS.

The only possible way that both utUseImplicitTLS and utUse(Explicit|Require)TLS
can work on the same port on the same server is if the server software is
peeking the initial inbound data to determine whether an implicit handshake
is being sent or not. While that is not illegal, it is not standard behavior.
Most servers rely on the port number instead of peeking to decide SSL/TLS
usage.

> ReadTimeout = 10000; is that a good value?

Use whatever is reasonable for your needs.

> Should ReadTimeout be set in IdIMAP4 or in the
> IdSSLIOHandlerSocketOpenSSL?

It doesn't really matter. Connect() will copy the value from TIdTCPConnection::ReadTimeout
to TIdIOHandler::ReadTimeout.

> What about the TLS version? It defaults to sslvTLSv1; aren't most servers
> capable of sslvTLSv1_2 now? (my provider is)

Many servers use TLS 1.0, and even 1.1, but 1.2 is not widely adopted yet.
But you can certainly enable it so it gets used if supported.

> P.s. I just found this, which confuses me a bit, explicit vs implicit:

Implicit is when the SSL/TLS handshake is initiated immediately upon establishing
the socket connection, before any protocol-related data is then exchanged.

Explicit is when the SSL/TLS handshake is not initiated until the client
first requests it and the server agrees, using a protocol-specific command,
like STARTTLS.

> 1. By Port (a.k.a. explicit)
> 2. By Protocol (a.k.a. implicit):

Those are backwards. Initiating SSL/TLS based on the port number is implicit,
initiating based on a protocol command is explicit.

--
Remy Lebeau (TeamB)
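
The freeze and the ReadTimeout remedy discussed in this thread, reproduced as an added Python example (not code from the thread or from Indy). `serve_once` is a constructed local stand-in for a server, and `probe_greeting` waits for the greeting without TLS, as Connect() does under utNoTLSSupport, but bounded by a read timeout. The function names, result strings and greeting text are assumptions.

```python
import socket
import threading


def serve_once(implicit_tls):
    """Constructed local stand-in for a mail server; returns its port.

    implicit_tls=True: stay silent until the client sends something, the way
    a port 993/995 listener waits for the SSL/TLS handshake.
    implicit_tls=False: send the greeting right away, like a non-SSL port.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        with conn:
            if implicit_tls:
                conn.recv(1)  # returns only when the client sends or closes
            else:
                conn.sendall(b"* OK IMAP4rev1 ready\r\n")  # constructed greeting
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port


def probe_greeting(host, port, read_timeout=1.0):
    """Connect without TLS and wait for the greeting, bounded by a timeout.

    "silent" is the case that blocks Connect() forever when no ReadTimeout
    is set: the server is waiting for a handshake, as on port 993, where
    the thread says utUseImplicitTLS is required.
    "plaintext-greeting" means the server speaks first (IMAP "* OK" or
    POP3 "+OK"), so the explicit UseTLS values apply.
    """
    with socket.create_connection((host, port), timeout=read_timeout) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return "silent"
    if data.startswith((b"* OK", b"+OK")):
        return "plaintext-greeting"
    return "closed" if not data else "unexpected"


if __name__ == "__main__":
    for mode in (True, False):
        print(mode, probe_greeting("127.0.0.1", serve_once(mode), 0.5))
```

A "silent" result can also come from a server that is simply slow to greet, so treat it as a hint about the port's mode rather than proof.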