SSLRead generating errSSLDecryptionFail when performing SSL POP3 RETR command

Developer Tools & Services Xcode
MohmadVasim OP
Created Jul ’22
Replies 5
Boosts 0
Views 1.4k
Participants 2

Hi ,

We are new to implementing SSL POP3 communication using port 995. We have installed HMailServer and created account and trying to communicate through POP3 SSL.

We have used Security framework API to make client and server handshake and after that we are making CAPA , USER, PASS , STAT, LIST command and once we get the list of messages with size , we are initiating RETR 1, 2 ....

RETR command sometimes fails randomly on certain emails giving error errSSLDecryptionFail. Sometime RETR 1 processed correctly and when we are trying to fetch RETR 2 then SSLRead is generating error as errSSLDecryptionFail.

As per error description errSSLDecryptionFail :
  1. invalid data coming from the remote host,
  2. a damaged crypto key, or
  3. insufficient permission to use a key that is stored in the keychain.

We would like to know how to verify above error conditions to identify the issue.

I would like to update that when it again make handshake and then at that time RETR 2 is getting succeeds but other RETR is failing with same error. (other RETR meaning RETR 5 etc.)

So please help us to know how we can identify the root-cause and how we can fix it.

Is there any Sample that we can use to identify the issue and solve it.

Thanks & Regards,

Mohmad Vasim

Replies  5
Boosts  0
Views  1.4k
Participants  2
Systems Engineer OP
Apple
Jul ’22

A few questions:

  1. You tagged this question with Network Extension. Where is the Network Extension in this equation and what type of provider are you using?
  2. Is iCloud Private Relay on in these failing cases?
0
MohmadVasim OP
Jul ’22

Hi Meaton,

Apologies for Network Extension . Its Security framework, SSLRead Secure Transport related problem that we are facing.

0
Systems Engineer OP
Apple
Jul ’22

Apologies for Network Extension . Its Security framework, SSLRead Secure Transport related problem that we are facing.

No problem. The Secure Transport APIs have been deprecated for some time now. Do you still see these issues if you use Network Framework and the TLS Security Options for Network Framework?

0
MohmadVasim OP
Aug ’22

Thanks for your response Meaton!

The Secure Transport APIs have been deprecated for some time now.

Okay understood.

Do you still see these issues if you use Network Framework and the TLS Security Options for Network Framework?

We are pretty much new to use Network framework. Could you please help us if there is any sample that we can use to do Handshake with server and implement the POP3 SSL port 995 specification like

  1. Handshake with server with port 995
  2. Send CAPA command to server and receive the server data
  3. Send other SSL command like STAT, UIDL, LIST and RETR command and read their response from server

Thanks & Regards,

Mohmad Vasim

0
Systems Engineer OP
Apple
Aug ’22

We are pretty much new to use Network framework. Could you please help us if there is any sample that we can use to do Handshake with server 

Sure, there are a few examples here:

  1. Building a custom peer-to-peer protocol
  2. Configuring a Wi-Fi Accessory to Join the User’s Network
  3. Creating an Identity for Local Network TLS - This is written for local network TLS, but a lot of the API examples could work in a remote case also.

Having said that, my recollection on POP3 SSL is a bit vague at this point. If this includes mid-streaming TLS then the following examples above will not work.

0
SSLRead generating errSSLDecryptionFail when performing SSL POP3 RETR command
First post date Last post date
 
 
Q