Add SSL protocol version fallback for IMAP servers not supporting it correctly
Review Request #107099 - Created Oct. 29, 2012 and submitted
|adawit, ahartmetz, ervin, thiago|
Normally any server greeted with an TLS1.2 (protocol version 03.03) ClientHello should answer with an ServerHello indicating the highest common version. Unfortunately there are some servers out there not doing this, exiting with an fatal TLS alert. In this case, try again with TLS1.0, SSLv3 and SSLv2. This happens as openSSL 1.0.1 supports TLS1.1/1.2, which will be used if KTcpSocket::AnySslVersion is used. openSSL <= 1.0.0 only supports TLS1.0, so this not an issue then. This patch only adds this behaviour to the "normal" imap ressource, but something similar is also needed in the server setup dialog. Something similar is done in the TCP ioslave, see https://git.reviewboard.kde.org/r/103610/
Just wondering, shouldn't that be a behavior to implement in KTcpSocket instead? That would avoid duplicating this logic at several places, and from KTcpSocket user point of view it's really an implementation detail.