> > On Jan 5, 2015, at 12:01 PM, openssl at comaxis.com wrote: >> Are there any known problems using OpenSSL with iCloud? I am trying to >> connect to imap.mail.me.com using port 993. My call to SSL_Connect() >> returns 0, with SSL_get_error() returing 1 (SSL_ERROR_SSL). I am using >> OpenSSL version 1.0.1h, running on Win32. I can use this code with any >> other IMAP server with no problems. > > > Are you able to connect using the openssl s_client application? I can > connect (to port 993, no starttls) with either 1.0.1j or 0.9.8za; perhaps > s_client will give you a more diagnostic error message if it also fails > for you. > > I made a build of 1.0.1j but it made no difference to my application. In fact, I *can* use "openssl s_client -connect" with iCloud. Doing the same thing with my own server (which my application works with) the only thing I see different in the diagnostics provided by openssl is the cipher: for imap.mail.me.com I get "AES256-GCM-SHA384" but with my own, I get "ECDHE-RSA-AES256-GCM-SHA384". Do I need to do something in the build open OpenSSL to get support for AES256, or something different in my code that uses SSL? I would assume the latter, since the openssl utility is using my brand new builds of the ssl dlls. Here is what I am doing (with error checking removed): SSL_library_init(); SSL_load_error_strings(); wsprintf (seed,"%lx%lx", GetCurrentProcessId(), time(0)); RAND_seed (seed, strlen(seed)); meth=SSLv3_method(); ctx = SSL_CTX_new(meth); SSL_CTX_set_options(ctx,0); SSL_CTX_set_verify(ctx,SSL_VERIFY_NONE,NULL); SSL_CTX_set_default_verify_paths(ctx); ssl = SSL_new(ctx); sbio = BIO_new_socket(gSocket, BIO_NOCLOSE); SSL_set_bio(ssl, sbio, sbio); ret = SSL_connect(ssl);
