[MlMt] TLS 1.3 supported?

[Frederik Schwan]

On Fri, Jan 10, 2025 at 03:35:24PM +0100, Benny Kjær Nielsen wrote:
> On 8 Jan 2025, at 13:04, Frederik Schwan via mailmate wrote:
> 
> > Though I run into connectivity issues. The server gives me:
> >> SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol
> 
> Make sure you use the beta available at https://freron.com
> 
> If you still have an issue then contact me off list and I can test by connecting to your server.

Yes, I'm running the latest 2.0 beta.

I replied to you off-list.
 
> > MacOS itself supports TLS 1.3 and the installed OpenSSL version does as well.
> 
> MailMate uses the CFNetwork framework (since r5263) which, as far as I know, supports 1.3, but there could of course be a configuration issue that I'm unaware of.

So I digged a bit into this, and it seems that only the higher level abstraction as NSURLSession, which is essentially a shortcut for the Foundation URL Loading System [0],
has TLS1.3 support. The lower layers, such as NSStream, CFHTTPStream and CFSocketStream don't support TLS 1.3.
I don't know the mailmate sources, but maybe this information helps you a bit.

> Ideally, MailMate should switch to Apple's Network framework, but that requires macOS 10.14+ (MailMate is still 10.12+). Yes, “maintaining” software often requires completely replacing existing code because of system changes :)

Well, that's a lot of work :/
I'll see what I can do on my side.

Thank you,
Frederik

[0] https://developer.apple.com/forums/thread/683645