IMAP4_SSL and OpenSSL compatibility

W. Martin Borgert debacle at
Mon Feb 25 23:43:27 CET 2013


after an upgrade from Debian squeeze to Debian wheezy, I could
not connect to a Microsoft Exchange Server 2003 anymore, because
the OpenSSL library, Python is linked with, changed from version
0.9.8o to 1.0.1e, which has different defaults. The code is:

>>> import imaplib
>>> IMAP4_SSL("")

With the new OpenSSL version, the following exception is raised:

Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "/usr/lib/python2.7/", line 1148, in __init__
     IMAP4.__init__(self, host, port)
   File "/usr/lib/python2.7/", line 192, in __init__
     typ, dat = self.capability()
   File "/usr/lib/python2.7/", line 361, in capability
     typ, dat = self._simple_command(name)
   File "/usr/lib/python2.7/", line 1070, in _simple_command
     return self._command_complete(name, self._command(name, *args))
   File "/usr/lib/python2.7/", line 897, in _command_complete
     typ, data = self._get_tagged_response(tag)
   File "/usr/lib/python2.7/", line 999, in _get_tagged_response
   File "/usr/lib/python2.7/", line 916, in _get_response
     resp = self._get_line()
   File "/usr/lib/python2.7/", line 1009, in _get_line
     line = self.readline()
   File "/usr/lib/python2.7/", line 1171, in readline
     return self.file.readline()
   File "/usr/lib/python2.7/", line 447, in readline
     data = self._sock.recv(self._rbufsize)
   File "/usr/lib/python2.7/", line 241, in recv
   File "/usr/lib/python2.7/", line 160, in read
ssl.SSLError: [Errno 1] _ssl.c:1359: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

The problem seems to be, that IMAP4_SSL does not specify the SSL
version, so the default is used (ssl.PROTOCOL_SSLv23?). The
Python documentation states, that for clients the best option in
terms of compatilibity is ssl.PROTOCOL_SSLv3.

When I add an ssl_version argument to the call to
ssl.wrap_socket() in, I can connect to
the Exchange server without problems:

self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
                              ssl_version = ssl.PROTOCOL_SSLv3)

Would it make sense, to make this change in the Python standard

Thanks in advance!

More information about the Python-list mailing list