From 9b5da91f7c79832039820418d781b21e53ec0c0f Mon Sep 17 00:00:00 2001
From: Jakub
Date: Fri, 11 Sep 2020 13:54:32 +0200
Subject: [PATCH] Fix: Yahoo not supporting TLS1.3 GODT-730
---
 Changelog.md | 4 ++++
 internal/transfer/provider_imap_utils.go | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index 808cc7ed..e0991505 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -26,6 +26,10 @@ Changelog [format](http://keepachangelog.com/en/1.0.0/)
 ## [IE 1.0.x] Congo (v1.0.0 live 2020-09-08)
+### Fixed
+* GODT-730 Limit maximal TLS version for Yahoo IMAP server
+
+## [IE 0.2.x] Congo
 ### Added
 * GODT-633 Persistent anonymous API cookies for better load balancing and abuse detection.
diff --git a/internal/transfer/provider_imap_utils.go b/internal/transfer/provider_imap_utils.go
index 1edfeaff..16f2166e 100644
--- a/internal/transfer/provider_imap_utils.go
+++ b/internal/transfer/provider_imap_utils.go
@@ -18,7 +18,9 @@
 package transfer
 import (
+ "crypto/tls"
 "net"
+ "strings"
 "time"
 imapID "github.com/ProtonMail/go-imap-id"
@@ -146,7 +148,19 @@ func (p *IMAPProvider) auth() error { //nolint[funlen]
 if host == "127.0.0.1" {
 client, err = imapClient.Dial(p.addr)
 } else {
- client, err = imapClient.DialTLS(p.addr, nil)
+ // IMAP.mail.yahoo.com have problem with golang TLS1.3
+ // implementation with weird behaviour i.e. Yahoo
+ // no error during dial or handshake but server logs out right
+ // after successful login leaving no time to perform any
+ // action. It was discovered that limiting to maximum TLS
+ // version 1.2 for yahoo servers is working solution.
+
+ var tlsConf *tls.Config
+ if strings.Contains(strings.ToLower(host), "yahoo") {
+ log.Warning("Yahoo server detected: limiting maximal TLS version to 1.2.")
+ tlsConf = &tls.Config{MaxVersion: tls.VersionTLS12}
+ }
+ client, err = imapClient.DialTLS(p.addr, tlsConf)
 }
 if err != nil {
 return ErrIMAPConnection{imapError{Err: err, Message: "failed to connect to server"}}
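Review bot: The new `tls.Config` in the `else` branch caps the version at TLS 1.2 but sets no floor, and the trigger is a substring match on `host`. Depending on the Go toolchain, a client config without `MinVersion` may negotiate below 1.2, so the workaround should pin the version exactly: `tlsConf = &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}`. `strings.Contains(strings.ToLower(host), "yahoo")` also matches any hostname that merely contains "yahoo", so unrelated servers silently lose TLS 1.3. Anchoring to the domain is tighter, e.g. `if h := strings.ToLower(host); h == "imap.mail.yahoo.com" || strings.HasSuffix(h, ".yahoo.com") {`. The body of `auth()` starts and ends outside this hunk, so it is not visible here whether the certificate `ServerName` is still set when a non-nil config is passed; worth confirming in `DialTLS`.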