Avast WEBforum

Avast Products => Avast Mac Security => Topic started by: tumic on July 18, 2012, 03:52:40 PM

Title: SSL/TLS connection detected!
Post by: tumic on July 18, 2012, 03:52:40 PM
Q: "I get annoying popups about SSL/TLS connections detected, how do I get rid of them?"
(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=86776)

A: The popup appears whenever a mail client connects to a mailserver using an encrypted (SSL) connection that the mailshield can not scan. You have to disable SSL in your mail client and enable it in the mailshield preferences to let the mailshield scan the connections and still connect encrypted to the mail server.

To disable SSL in Apple Mail client, go to "Preferences->Accounts->Advanced" and disable the "Use SSL" checkbox.
(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=86778)
Then go to the avast! preference pane in the system preferences and select the SSL tab in the mailshield advanced options and add the mailserver to the "Secured servers" list. The mailserver address to add is the value of the "Incoming Mail Server" field on the "Account Information" tab in the Apple Mail Account preferences.

(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=86780)

For most mail servers like Google's gmail, this is all you have to do. If you now get a "SSL certificate error", see the following post.
Title: Re: SSL/TLS connection detected!
Post by: tumic on July 18, 2012, 04:11:02 PM
If you get the following popup after adding the mail server to the secured servers list
(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=86783)
You have to add the SSL certificate the mailserver is using to the "System" keychain
(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=86785)
Title: Re: SSL/TLS connection detected!
Post by: Gottesfreunde on July 19, 2012, 11:43:25 PM
Ok... uhm, this is pretty confusing. I use Gmail and Comcast. I have one account under Comcast.net and three under Gmail.

I have no idea what a "mail server" should be typed in as. I typed in "gmail.com" into the "secured servers" in the preferences pane of avast! and ip addresses (I assume) were then filled in, and it did the same for "comcast.net". When I did that, the messages went away referencing the SSL problem (I unchecked SSL in my Apple Mail app in their preferences.)

However, I'm still not sure if this was correct, and honestly, now, I'm frustrated to the point that I wish I had not installed this app on my system. I have no clue, whatsoever, how to or what to, do in my keychain file. Why can't the app simply set this stuff up for me????!!! I am left wondering if I have just unsecured my system rather than secured it, at least related to my email.

If this is what one has to do to make this program operate correctly (a big whopping hassle) then at least a very clear, succinct, step by step guide, with pictures, would be highly useful.



Title: Re: SSL/TLS connection detected!
Post by: tumic on July 21, 2012, 01:26:30 PM
I have no idea what a "mail server" should be typed in

The mailserver address to add is the value of the "Incoming Mail Server" field on the "Account Information" tab in the Apple Mail Account preferences.

I have no clue, whatsoever, how to or what to, do in my keychain file.

There is nothing to do with your keychain for gmail or comcast, the required certificates are already there. If they were missing, you would get the "SSL certificate error".
Title: Re: SSL/TLS connection detected!
Post by: TAC on July 23, 2012, 11:13:16 PM
I join the chorus.  The complexity and hassle of getting rid of those SSL messages is not something that I have the technical skill or time to bother with.  Hopefully I can use the Uninstall program and get this program removed from my computer.  This is an insane hassle to put users through!
Title: Re: SSL/TLS connection detected!
Post by: Gottesfreunde on July 23, 2012, 11:46:23 PM
While I appreciate free programs, the hassle of the set up of this app was more time consuming to me than any "virus" has been. I have had Macs for ever, the last time I had a virus was the 666 under OS 9... I had other things in my "Hosts" file that Avast! completely deleted, and it was lucky that I had a back up to restore it. Between the screwups that caused to my system, and the hassle of trying to figure this situation out, I figured I would stay with the very easy and very non-intrusive ClamXav... which is also free. I deleted Avast! from my system through the uninstall.

On a side note... developers constantly make the mistake of creating software for the Mac that requires too much fiddling. They forget the fact that many Mac users have their systems specifically because they require so little fiddling... preferring to spend that time completing real work. While malware and viruses may be on the rise for Macs, they are far more difficult to get than if you are on a Wintel machine. The amount of time this program requires to set it up, to fix what it does to your system without forewarning you, is too costly for me.
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 06, 2012, 07:49:07 PM
Turmic,

I am still getting the SSL message. What needs to be added to the keychain? I do see your screenshot but what is added? My incoming server is imap.gmail.com and pop.gmail.com.
thanks,

Steve
Title: Re: SSL/TLS connection detected!
Post by: tumic on August 07, 2012, 11:14:03 AM
Turmic,

I am still getting the SSL message. What needs to be added to the keychain? I do see your screenshot but what is added? My incoming server is imap.gmail.com and pop.gmail.com.
thanks,

Steve

What SSL message? If you get the "SSL/TLS connection detected!" warning (orange), then the problem is that you have SSL enabled in your mail client, which prevents the mailshield from scanning the traffic. The solution is simply to switch SSL off in your mail client; for Apple Mail, you can see the corresponding switch in the picture in the first post in this thread.

There is nothing to do with your keychain for Gmail or any other "big" mail provider, those servers are signed by an authority that has its certificate in the Mac OS X "System root" keychain by default.
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 07, 2012, 01:59:52 PM
Sorry I wasn't clearer. I have shut off SSL in mail. I am getting the warning about the certificate.
Thanks
Title: Re: SSL/TLS connection detected!
Post by: tumic on August 09, 2012, 10:56:30 AM
Please look into the system log (/var/log/system.log); there will be more info about what's wrong. Post it here.
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 09, 2012, 09:54:56 PM
I have a feeling this is what you are looking for.

Aug  9 15:28:49 Steves-Office-iMac proxy[35837]: No common name matching host name (imap.gmail.com) found in peer certificate!
Title: Re: SSL/TLS connection detected!
Post by: booklady on August 09, 2012, 10:48:53 PM
I had no trouble following the directions here, but when done my email program, Outlook, says it can't find the server.  It says: "Connection to the server failed or was dropped."  What else needs to happen?
Title: Re: SSL/TLS connection detected!
Post by: booklady on August 09, 2012, 10:52:12 PM
In the meantime, I went back to the SSL checkmarks, undid the list for Avast, and then fixed it so nothing pops up.  It can just do its warnings in the background.
Title: Re: SSL/TLS connection detected!
Post by: tumic on August 09, 2012, 11:42:16 PM
I have a feeling this is what you are looking for.

Aug  9 15:28:49 Steves-Office-iMac proxy[35837]: No common name matching host name (imap.gmail.com) found in peer certificate!

Yes, that's it. But the error is very strange for imap.gmail.com as the server has for sure a correct certificate. Can you post here the content of your /etc/hosts file? The answer may be there.
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 09, 2012, 11:57:19 PM
what directory would I find that in?
Title: Re: SSL/TLS connection detected!
Post by: tumic on August 10, 2012, 11:43:29 AM
/etc/hosts is the full path of the file. The directory is /etc. To get the content, simply write

cat /etc/hosts

into the Terminal.
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 10, 2012, 04:46:04 PM
/etc/hosts is the full path of the file. The directory is /etc. To get the content, simply write

cat /etc/hosts

into the Terminal.

Is the space after cat correct? This was returned:

127.0.0.1   localhost
255.255.255.255   broadcasthost
::1   localhost
fe80::1%lo0   localhost
173.194.68.109   imap.gmail.com   # Added by avast!
173.194.68.108   imap.gmail.com   # Added by avast!
2001:4860:800a::6c   imap.gmail.com   # Added by avast!
173.194.68.109   pop.gmail.com   # Added by avast!
173.194.68.108   pop.gmail.com   # Added by avast!
2001:4860:800a::6c   pop.gmail.com   # Added by avast!
Title: Re: SSL/TLS connection detected!
Post by: tumic on August 14, 2012, 09:12:35 AM
You really do use both protocols (POP3 & IMAP) on gmail? If not, delete either all the pop.gmail.com or all the imap.gmail.com entries and it will start working. Otherwise it won't be possible to use the mailshield in this configuration due to technical limitations.
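
The hosts file posted above lists the same addresses under both imap.gmail.com and pop.gmail.com. The following is an added example, not part of the original thread and not avast! code: it reads a hosts file and lists every address carrying the "# Added by avast!" marker under more than one host name. The function names are hypothetical, and that these shared addresses are the reason for the advice above is an assumption; the thread itself only says "technical limitations".

```shell
#!/bin/sh
# Added example (not from the thread): find addresses that avast! wrote into
# a hosts file under more than one host name. Function names are hypothetical.

# Constructed sample that repeats the layout of the hosts file posted above.
sample_hosts() {
cat <<'EOF'
127.0.0.1   localhost
255.255.255.255   broadcasthost
::1   localhost
fe80::1%lo0   localhost
173.194.68.109   imap.gmail.com   # Added by avast!
173.194.68.108   imap.gmail.com   # Added by avast!
2001:4860:800a::6c   imap.gmail.com   # Added by avast!
173.194.68.109   pop.gmail.com   # Added by avast!
173.194.68.108   pop.gmail.com   # Added by avast!
2001:4860:800a::6c   pop.gmail.com   # Added by avast!
EOF
}

# shared_addresses: read hosts-file text on stdin and print one line per
# address that appears, with the avast! marker, under two or more different
# host names. Output format: "<address> <name1>,<name2>,..."
shared_addresses() {
    awk '
        # Only look at entries carrying the marker avast! appends.
        index($0, "# Added by avast!") == 0 { next }
        # Skip entries that have been commented out.
        substr($1, 1, 1) == "#" { next }
        {
            addr = $1; name = $2
            key = addr SUBSEP name
            if (key in seen) next            # exact duplicate line
            seen[key] = 1
            if (addr in names) {
                names[addr] = names[addr] "," name
                multi[addr] = 1              # second distinct name seen
            } else {
                order[++n] = addr            # remember first-seen order
                names[addr] = name
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in multi) print order[i], names[order[i]]
        }
    '
}

# Usage: sh check_hosts.sh /etc/hosts
if [ "$#" -eq 1 ] && [ -r "$1" ]; then
    shared_addresses < "$1"
fi
```

An empty result means no avast!-added address is listed under two names, which is the state the hosts file is in after one set of entries has been deleted.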
Title: Re: SSL/TLS connection detected!
Post by: Stephen Scheaffer on August 14, 2012, 01:19:54 PM
You really do use both protocols (POP3 & IMAP) on gmail? If not, delete either all the pop.gmail.com or all the imap.gmail.com entries and it will start working. Otherwise it won't be possible to use the mailshield in this configuration due to technical limitations.

Actually I do. I won't go into why but the reasons were valid years ago. I may rethink this. Thanks for all your probing.

Steve
Title: Re: SSL/TLS connection detected!
Post by: LeSpace on August 25, 2012, 02:29:19 AM
I have the red message for certificates...

My log :
Aug 25 02:21:48 wn2000rptv2.home proxy[757]: Certificate verification failed: SSL_get_verify_result(): unable to get local issuer certificate

My hosts :
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255   broadcasthost
::1   localhost
fe80::1%lo0   localhost
65.55.162.199   pop3.live.com   # Added by avast!
17.158.10.200   p03-imap.mail.me.com   # Added by avast!

When I follow your instructions for certificates on the system keychain, when I click on the "+", there is a box asking me to choose a file. Which file?

thx
Title: Re: SSL/TLS connection detected!
Post by: rfwolf on August 31, 2012, 01:42:54 AM
On the Mac, this method works with the Mail application, but not with Sparrow. I cannot get Sparrow to connect to gmail with the SSL turned off. Will there ever be a fix for this from Avast?
Title: Re: SSL/TLS connection detected!
Post by: alexclopes73 on August 31, 2012, 03:11:02 PM
Hi,

I have the same problem with RED messages of avast.

I did all procedures given :

- Moved the Gmail and Hotmail certificates to System in keychain
- I disabled SSL in Apple Mail client for all accounts
- I added the value of the "Incoming Mail Server" field on the "Account Information" in Mail Shield of Avast (see below)

But the RED message for GMAIL doesn't stop.

How do I proceed ?

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255   broadcasthost
::1   localhost
fe80::1%lo0   localhost
74.125.45.109   imap.gmail.com   # Added by avast!
74.125.45.108   imap.gmail.com   # Added by avast!
2607:f8b0:400c:c03::6c   imap.gmail.com   # Added by avast!
65.55.172.253   pop3.live.com   # Added by avast!

Title: Re: SSL/TLS connection detected!
Post by: sammanjac on September 05, 2012, 09:48:12 AM
Same problem for me and it's taking hectic time for me, and overall I have disabled mail shield.
Title: Re: SSL/TLS connection detected!
Post by: tumic on September 05, 2012, 10:33:17 PM
The certificate check is broken in the legacy 0.9.7 openssl library (we use it to be Mac OS X 10.5 compatible) on Mac OS 10.8. We are working on a workaround/fix of the issue which will be soon available.
Title: Re: SSL/TLS connection detected!
Post by: GMoGH on September 07, 2012, 11:52:38 PM
I had the "SSL certificate check failed" error for imap.gmail.com and here is what I did to fix the problem. I removed the entries for imap.gmail.com, and I restarted the service by unchecking and then rechecking the box for Mail Shield. In my mail client, mac mail, I unchecked "Use SSL" on the advanced tab of the email account settings and that's it. It worked fine after those changes. To be clear, in avast preferences, mail shield, advanced, SSL, the box is empty, nothing listed and gmail works correctly now.

If people are uncomfortable with that option, I tested another option with gmail.com in the SSL tab of avast preferences and it works great. This is probably a better solution since the developers want something listed but I wanted to present both in case one option did not work for someone.
Title: Re: SSL/TLS connection detected!
Post by: haros on September 08, 2012, 02:40:52 AM
Hi Tumic,

I have disabled SSL in my Mail 6.0 client but cannot enable it in avast. When I go to the SSL tab in my avast preferences, the "+" and "-" buttons are greyed out and cannot be clicked. Please see screen shot below.

(http://i1160.photobucket.com/albums/q500/haros2/b61b6609.png)

What's the deal and how do I fix it? It is a Gmail account if that helps.

Cheers,
Haros
Title: Re: SSL/TLS connection detected!
Post by: LeSpace on September 08, 2012, 11:42:36 AM
Hi Tumic,

I have disabled SSL in my Mail 6.0 client but cannot enable it in avast. When I go to the SSL tab in my avast preferences, the "+" and "-" buttons are greyed out and cannot be clicked. Please see screen shot below.

What's the deal and how do I fix it? It is a Gmail account if that helps.

Cheers,
Haros
^^

You must enter the admin password of your Mac. Look, you can see in the background of your picture a padlock in the bottom right. Click on it.  ;D
Title: Re: SSL/TLS connection detected!
Post by: swandy on September 10, 2012, 03:35:45 PM
I have been trying to follow this thread but I am using the installed Mail and iCloud as my mail server for my email and whenever I uncheck the SSL box in the preferences, I get a message that I need to enter an incoming mail server.
And reading on Apple's website it states that to use iCloud for emails you MUST enable SSL. So what - if any - is the solution to the SSL pop-up warnings???
Thanks,
Title: Re: SSL/TLS connection detected!
Post by: tumic on September 13, 2012, 06:09:14 PM
If you configure the mailshield correctly, you will connect using SSL to the iCloud server.

If your setup is the one described here: http://support.apple.com/kb/HT4864, but with the SSL box unchecked, Apple Mail does not allow you to close the configuration dialogue?
Title: Re: SSL/TLS connection detected!
Post by: swandy on September 14, 2012, 02:13:19 AM
If you configure the mailshield correctly, you will connect using SSL to the iCloud server.

If your setup is the one described here: http://support.apple.com/kb/HT4864, but with the SSL box unchecked, Apple Mail does not allow you to close the configuration dialogue?

Correct. If I leave the SSL box unchecked and try to save the settings, I get a message that the "incoming mail server box" cannot be left empty. It is not actually empty, but it is greyed out - I guess because it is set up that way automatically when you set up the Mac using iCloud.
Title: Re: SSL/TLS connection detected!
Post by: UnD3Rd0g on September 27, 2012, 06:59:16 PM
I have the same problem like Stephan Schaeffer that I get the certificate errors. I disabled the SSL in Mail and added the Mail Servers to the avast!config.
But I'm not sure what to do with the certificates. One out of my three mail accounts is working correctly but the other two not.

It would be nice if someone could help me.

thanks
Title: Re: SSL/TLS connection detected!
Post by: tumic on October 01, 2012, 02:45:20 PM
I have the same problem like Stephan Schaeffer that I get the certificate errors. I disabled the SSL in Mail and added the Mail Servers to the avast!config.
But I'm not sure what to do with the certificates. One out of my three mail accounts is working correctly but the other two not.

It would be nice if someone could help me.

thanks

If you are using Mac OS X 10.8 (Mountain Lion), then it is most probably caused by the broken legacy (0.9.7) version of OpenSSL that comes with the OS. Starting with the next program update (which will come soon) we will use our own openssl library that will fix this issue.
Title: Re: SSL/TLS connection detected!
Post by: Darkcarbon on October 11, 2012, 01:53:10 AM
Hello,
Firstly, please excuse my bad English.
I use avast for mac
I managed to configure with avast mail about SSL errors.
But I just realized that the problem was always reporting SSL starting this native application "Notes" on OSX 10.8 (mountain lion).
I tried everything, to no avail.
It is impossible to disable SSL on the application.
Do you offer me a solution?
I hope that the developer will avast react quickly because these problems SSL are large black dot that do a lot of shadow is soft yet bright future.
cordially

ps: the message "port 143 expired" appears regularly, with the result reactivate the SSL "mail".
Title: Re: SSL/TLS connection detected!
Post by: shadowshu on October 12, 2012, 11:56:31 PM
Why in the world would I want to disable SSL on my mail connections?  Many major ISPs are moving to SSL (I have multiple accounts and all are SSL - Comcast's FAQ about mail setup shows ONLY SSL connections) and don't recommend having mail connections NOT be SSL.  I installed this about 5 mins ago and have no less than 30 SSL alerts about pop3.live.com no less.  It's out of hand so I'll disable the mail scanning til Avast gets this piece in better order.

Also your forums do not provide the word verification to post or confirm registration on Chrome at all have to use Safari only to use your forums.
Title: Re: SSL/TLS connection detected!
Post by: macaroons on October 13, 2012, 05:23:09 AM
I did exactly this, but the warning still keep on popping up!
Mac OS =10.6.8

Is there a way to disable popups at all? I even tried to set the popups duration to 0s but they just won't die! It's really annoying...

Title: Re: SSL/TLS connection detected!
Post by: tjfoth on October 13, 2012, 09:58:08 PM
I am having this problem on 10.7.4.

I tried the suggestion made earlier:
1. I turned off SSL in mail.app
2. I shut down mail.app
3. I went to avast
4. I removed the servers from Advanced SSL
5. I turned off Mail Shield
6. Put the mail server back in (imap.gmail.com)
7. Turned Mail Shield back on
8. Started up mail.app.

Mail.app does not connect to imap.gmail.com.

/etc/hosts appears as is reported earlier in this forum.

There are no error messages in the log.

Please advise.  What am I missing?

Thank you.
Title: Re: SSL/TLS connection detected!
Post by: tjfoth on October 15, 2012, 03:19:28 AM
My answer was found here:

http://forum.avast.com/index.php?topic=89943.60

Instead of moving the imap.gmail.com logins to System, I copied the entries.  I also added avast as an authorized app to each of mine (I have three gmail email accounts).

<I wish this board would work with Chrome>
Title: Re: SSL/TLS connection detected!
Post by: H3L0 on October 19, 2012, 01:15:19 PM

This will not work for iCloud! I get the warning if I open notes, ical, reminders, and mail! the only one that you can turn off is mail but then you cannot connect to the servers!!!
Title: Re: SSL/TLS connection detected!
Post by: hcarlo on October 21, 2012, 07:15:16 PM
This is so complicated, it is a turn-off for AVAST.  I managed to disable SSL, but when I tried to add the incoming mail server in Avast, it did not show any certificates.  How do I stop avast from displaying the annoying message?  Or do I have to uninstall avast and forget about it?
Title: Re: SSL/TLS connection detected!
Post by: bellatrix on October 22, 2012, 06:09:03 PM
Hello

I disabled the ssl in mail application, then I added the servers in Avast.
I have no error message but now I do not receive my emails
Title: Re: SSL/TLS connection detected!
Post by: tumic on October 23, 2012, 04:03:20 PM
Hello

I disabled the ssl in mail application, then I added the servers in Avast.
I have no error message but now I do not receive my emails

What mail provider do you use? If it is iCloud, then the avast! mailshield does not actually work with it as the iCloud IMAP servers break the IMAP protocol in several ways. (We have issued appropriate bugreports to Apple, but their responses are usually in terms of months, so we will - as usual in case of Apple bugs - try to find some workaround for iCloud).
Title: Re: SSL/TLS connection detected!
Post by: MNavastuser on October 29, 2012, 12:28:43 AM
After reading through various threads on this topic, I called Avast technical support and they were very helpful.  ;D

What I wanted to do was simply KEEP my SSL function in my MAC mail preferences checked because my web host tech support told me that they not only encrypt but also scan for viruses etc. and, besides, I am paying them extra for SSL functionality.

Therefore, all I wanted to do was disable the warnings and alerts from the Avast program. In Avast preferences-->PopUps, I turned off "Warnings" and "Alerts." The rep told me that Avast will continue to scan my iCloud mail and will warn me about any serious problems while my web site host email account will be taken care of on their server. I should not receive the annoying SSL alerts anymore.

The Avast rep was clear and very helpful.   8) Now we'll have to see if the alerts go away and I never get any viruses!  ::)
Title: Re: SSL/TLS connection detected!
Post by: jessepps on November 07, 2012, 10:13:45 PM
That Captcha thing sucks.
Title: Re: SSL/TLS connection detected!
Post by: Lisandro on November 09, 2012, 12:57:17 AM
That Captcha thing sucks.
Why? Can you develop?
Title: Re: SSL/TLS connection detected!
Post by: white-note on November 09, 2012, 01:25:37 PM

If you are using Mac OS X 10.8 (Mountain Lion), then it is most probably caused by the broken legacy (0.9.7) version of OpenSSL that comes with the OS. Starting with the next program update (which will come soon) we will use our own openssl library that will fix this issue.

Is there any news on this?
I would like to make this work.
I use Mountain Lion and Outlook, and I can't add the servers because the certificates are NOT on my computer.

For now I disabled my email protection, but that's not what I want..
Title: Re: SSL/TLS connection detected!
Post by: tumic on November 09, 2012, 01:40:30 PM
This was fixed several versions ago (avast! has now openssl libraries included in the bundle).

But this has nothing to do with missing certificates on your machine. However, you can always get the certificate from the SSL connection itself, for example by issuing an SSL connection to the mail server with openssl:

openssl s_client -connect your.imap.server.com:993

and save the certificate from the output:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

to a .cer file and then import it to the system keychain.

But note that, from the cryptography point of view, this is wrong, as you can not trust the certificate.
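
A certificate saved this way can be checked before it is imported by comparing its fingerprint with one obtained from the server's operator over a separate channel. The following is an added example, not part of the original post and not avast! code: the function names, the output file name and the constructed sample output are assumptions, and the network functions need the openssl command-line tool.

```shell
#!/bin/sh
# Added example: save the server certificate printed by `openssl s_client`
# and compare its SHA-256 fingerprint with a value obtained out of band
# before importing it into a keychain. Function names are hypothetical.

# Constructed stand-in for s_client output. The base64 lines are
# placeholders, not real certificates.
sample_s_client_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=your.imap.server.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:/CN=Constructed Issuer
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----
---
EOF
}

# first_pem_cert: read s_client output on stdin and print only the first
# PEM block, which is the certificate the server presented for itself.
first_pem_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside { print }
        /^-----END CERTIFICATE-----$/ { if (inside) exit }
    '
}

# normalize_fp: strip colons and whitespace and lower-case a fingerprint so
# that "AB:CD" and "abcd" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# fetch_cert HOST PORT FILE: connect once and store the server certificate.
# Succeeds only if a certificate was actually written.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | first_pem_cert > "$3"
    [ -s "$3" ]
}

# cert_fingerprint FILE: print the SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# pin_matches FILE EXPECTED: true only if the file's fingerprint equals the
# expected value (an empty fingerprint never matches).
pin_matches() {
    actual=$(normalize_fp "$(cert_fingerprint "$1")")
    expected=$(normalize_fp "$2")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage: sh fetch_cert.sh HOST PORT EXPECTED_SHA256_FINGERPRINT
if [ "$#" -eq 3 ]; then
    out="$1.cer"
    fetch_cert "$1" "$2" "$out" || { echo "no certificate received from $1:$2" >&2; exit 1; }
    if pin_matches "$out" "$3"; then
        echo "fingerprint matches; $out can be imported"
    else
        echo "fingerprint mismatch; do not import $out" >&2
        exit 1
    fi
fi
```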
Title: Re: SSL/TLS connection detected!
Post by: white-note on November 09, 2012, 03:30:28 PM
Hello tumic.

Thanks for your fast Reply.

To be honest: I don't know how to execute your tips.

What I don't understand is:
I did a fresh install on my Macbook today (downloaded Mountain Lion from Apple), did a clean install with Microsoft Office 2011 (installed SP1), and downloaded Avast today.

So, everything is the latest version.

If this was fixed, why don't I have the certificates on my Mac?
I didn't install any backups, so that can't be the problem..

I would hate to uninstall Avast, as I think it's very good software, I use it on my Android as well.
Title: Re: SSL/TLS connection detected!
Post by: tumic on November 11, 2012, 12:50:53 PM
If this was fixed, why don't I have the certificates on my Mac?

The certificates of the most common certification authorities (CA) are part of Mac OS X and are maintained by Apple. This means that for most "big" servers like gmail, yahoo or hotmail, the certificates are present on your system. However, if you use a server with a self-signed certificate or a server signed by a not so common CA, the certificate will be missing, and you have to obtain it yourself.

What email (IMAP) server are you connecting to?
Title: Re: SSL/TLS connection detected!
Post by: white-note on November 11, 2012, 12:55:44 PM
On my Mac I use only gmail.
So the server is imap.gmail.com, and smtp.gmail.com
Title: Re: SSL/TLS connection detected!
Post by: Tonin_US on November 22, 2012, 05:37:29 PM
Hi,

I've installed Avast yesterday and I got orange "SSL/TLS Connection detected box". So, I tried to follow the instructions... Uncheck the SSL box in the Mail app and add the server (gmail, so I assume it is imap.gmail.com) to the Avast preference shield.

My issue is that I cannot do that. Each time I try to add the gmail server, I get a message that tells that Avast can not connect the server? (I try to be sure that imap.gmail.com is copy into System in the chain keys).

(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=97452)

What shall I do?

Thanks in advance.
Title: Re: SSL/TLS connection detected!
Post by: white-note on November 25, 2012, 12:52:04 PM
Exactly my problem...

If I can't solve this, I'm gonna try Bitdefender instead....
I really don't understand that this has to be so difficult.
(Hoping the problem is in the program instead of in me....)
Title: Re: SSL/TLS connection detected!
Post by: badgerit on November 25, 2012, 03:24:38 PM
Hi,

I've followed the instructions as best I can, and now Mail doesn't download my messages from gmail.

It can see the messages and starts trying to download them, and then the data transfer rate drops down to 0 KB/s and nothing happens.

If I tick the SSL box in mailbox account preferences it downloads the messages fine, but then I get the pop up.

Is 'password' the correct security setting?

Thanks,

Rebecca
Title: Re: SSL/TLS connection detected!
Post by: hschumi on November 27, 2012, 06:00:46 AM
Hi,

I've installed Avast yesterday and I got orange "SSL/TLS Connection detected box". So, I tried to follow the instructions... Uncheck the SSL box in the Mail app and add the server (gmail, so I assume it is imap.gmail.com) to the Avast preference shield.

My issue is that I cannot do that. Each time I try to add the gmail server, I get a message that tells that Avast can not connect the server? (I try to be sure that imap.gmail.com is copy into System in the chain keys).

(http://forum.avast.com/index.php?action=dlattach;topic=101571.0;attach=97452)

What shall I do?

Thanks in advance.

Exactly the same problem here. Avast! Could you PLEASE provide some instructions how to add the imap.gmail.com server to the list of SSL-servers.
Title: Re: SSL/TLS connection detected!
Post by: Katrachin on November 27, 2012, 09:36:33 PM
I have the same problem of you colleagues :(

the solution proposed at first before work, I use it on OSX lion a few months ago.

now install OSX 10.8.2 ML from scratch and download the latest version of avast for mac, with the results that you explained.

I noticed in this version of avast, the default value for error alerts on SSL / TLS conection: is disabled.

then no alerts appear, but email shield does not work. So more new users may experience the problem without knowing it.

for now i disable the use of SSL on mail, so the shield can scan. But lose the benefit of encryption on the connection.
Title: Re: SSL/TLS connection detected!
Post by: sejtam on December 02, 2012, 07:20:54 AM
I have the same issue on a newly installed avast! for mac.

when I try to add  imap.gmail.com, I get the error "Error verifying mail server"
and the same for imap.googlemail.com

**** HOWEVER ****

When I then try adding my corporate email server, that verifies OK *and* then both it *and* the imap.gmail.com server that was reportedly not verifiable shows up with IP addresses in the list.

**WTF**?

So now the unverified imap.gmail.com is listed as if it had been verified. Thus avast will now think that server
verified even if that was not possible????

(or is it that it was in fact verified, but it just failed to be added to the list and the wrong error shown????
In either case, I have *NO TRUST*  in that anymore...

Trying to verify it again afterwards still fails.

This is with Avast 7.0 (37781)
Title: Re: SSL/TLS connection detected!
Post by: sejtam on December 06, 2012, 11:47:08 AM
I raised a support ticket on this (the fact that servers that were not verified were added along with a later verified server to the SSL list, as if they had passed verification).

https://support.avast.com/index.php?_m=tickets&_a=viewticket&ticketid=3027537
Title: Re: SSL/TLS connection detected!
Post by: tumic on December 06, 2012, 05:30:20 PM
When you add imap.gmail.com to the list of SSL servers, multiple IP addresses are added to the list and each of them is verified. If one of the addresses fails to verify, you get the error window, but all passed addresses are added to the list. I confess, that this is a little bit confusing and one may even consider it an error.

So what probably happens for all of you that get the "verification error" message is, that you have broken IPv6 in your network and verification of imap.gmail.com fails on IPv6 (you get its IPv6 address from DNS, but can not access it). If you post here the system log entries, we can prove this.
Title: Re: SSL/TLS connection detected!
Post by: sejtam on December 07, 2012, 04:01:28 AM
Quote
When you add imap.gmail.com to the list of SSL servers, multiple IP addresses are added to the list and each of them is verified. If one of the addresses fails to verify, you get the error window, but all passed addresses are added to the list. I confess, that this is a little bit confusing and one may even consider it an error.

Might be, but I'd like to see proof of that.

Quote
So what probably happens for all of you that get the "verification error" message is, that you have broken IPv6 in your network and verification of imap.gmail.com fails on IPv6 (you get its IPv6 address from DNS, but can not access it). If you post here the system log entries, we can prove this.

IPv6 is turned off in the [ MailShield / Advanced /General tab ].
I have only the normal site-local addresses configured, nothing else anyway.
I also ran a tcpdump looking for the v6 address reported for imap.gmail.com (2607:f8b0:4003:c02::6c) but nothing is shown either.

Where do I find the specific system log?

Title: Re: SSL/TLS connection detected!
Post by: sejtam on December 07, 2012, 04:13:25 AM
Ah ok, the normal 'system.log' logs;

Dec  7 11:02:31 matjes-Mac-mini-2.local System Preferences[47850]: 995: The operation couldn’t be completed. (OSStatus error -9807.)
Dec  7 11:02:32 --- last message repeated 1 time ---
Dec  7 11:02:32 matjes-Mac-mini-2.local System Preferences[47850]: 995: The operation couldn’t be completed. No route to host
Dec  7 11:02:32 matjes-Mac-mini-2.local System Preferences[47850]: 993: The operation couldn’t be completed. No route to host

which of course does not hold sufficient info to even link it to the avast SSL check, so I missed it earlier.

It seems to be stupid of avast to try something via v6 when v6 is turned off (I have turned off and on the mail shield to see if that makes it recognize to not try v6, but no luck. There seems to be no way to totally unload avast for a fresh restart (other than a reboot).)
Title: Re: SSL/TLS connection detected!
Post by: sejtam on December 07, 2012, 04:38:29 AM
And even rebooting the Mac after turning off IPv6 did not help this.
This is definitely a bug, as none of the (allegedly verified addresses) would be added unless one successfully added another server later...
Title: Re: SSL/TLS connection detected!
Post by: tumic on December 07, 2012, 11:12:04 AM
Quote
And even rebooting the Mac after turning off IPv6 did not help this.

You probably still get the IPv6 addresses in DNS responses from your DNS server even when you turn IPv6 off. And the preferences simply try to add every IP address that resolves from the given host.

Quote
This is definitely a bug, as none of the (allegedly verified addresses) would be added unless one successfully added another server later...

I agree, but it is a minor bug affecting only people with broken IPv6 in their network. And in the next version of avast! for Mac there will be a completely different handling of SSL connections and all the "SSL hosts" stuff will vanish (or better transformed to certificates issues ;-)).
Title: Re: SSL/TLS connection detected!
Post by: specimen9999 on December 13, 2012, 04:46:47 AM
I understand how the system works, but it's too much of a burden for users, especially non-technical ones. I hope the next version resolves this.

But it gets worse: I have an email account on a private server that uses a self-signed cert, and at least once or twice a week Avast complains the SSL certificate check failed. I go to Avast preferences, remove the server, add it again and it works again. What's happening here? The cert isn't changing; it's the same cert I already have in my Keychain.
This is becoming beyond annoying.
Title: Re: SSL/TLS connection detected!
Post by: Gene11 on December 17, 2012, 05:05:05 PM
I am unable to install an SSL certificate for my mail server in the system keychain.  When I try using Keychain Access, a drop-down menu appears for me to select the SSL certificate.  The problem is, I do know how to locate an SSL certificate for my mail server.  I use Mail for the Mac, and the incoming mail server listed in the Mail preferences folder for it is mail.me.com.  The outgoing mail server is smtp.me.com:username.  In addition, I am using OSX6.  Any help would be appreciated.
Title: Re: SSL/TLS connection detected!
Post by: Falcon38 on December 19, 2012, 08:10:08 AM
I am having the same problem as tonin, whitenote and hschumi:

Mac OSX 10.6.8, Avast 7.0 updated, trying to use Mac Mail and gmail

"Error verifying mail server"

I dragged the Equifax certificate from System Root to System, so it is in both places now

I unchecked SSL on all gmail accounts and confirmed port went to 143

but I am unable to add imap.gmail.com to avast....

Help

PS - I plan on upgrading to Mtn Lion soon -- will that solve the problem?
Title: Re: SSL/TLS connection detected!
Post by: tumic on December 19, 2012, 08:04:11 PM
What is in the system log (/var/log/system.log)?
Title: Re: SSL/TLS connection detected!
Post by: Falcon38 on December 20, 2012, 02:08:14 PM
I sent a PM with log :D
Title: Re: SSL/TLS connection detected!
Post by: tumic on December 21, 2012, 04:05:22 PM
Quote
I sent a PM with log :D

The problem is most probably caused by broken IPv6 in your network. If you type
Code:
host imap.gmail.com
do you also get the IPv6 address? If you do and you do not have a working IPv6 connection, this is what is causing the error. As already announced - this problem will disappear with the next program update that will bring a completely different secured connection handling.
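
The check suggested above, carried one step further, as an added example that is not part of the original thread and not avast!'s code: it resolves every A/AAAA address for a mail host, attempts a verified TLS handshake with each one, and separates unreachable IPv6 addresses from certificate failures. The function names, the result format and the sample rows (documentation-range addresses) are assumptions made for illustration.

```python
import socket
import ssl
import sys

def resolve_all(host, port):
    """Every distinct address DNS returns for host, tagged IPv4 or IPv6."""
    found = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        entry = ("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0])
        if entry not in found:
            found.append(entry)
    return found

def probe(ip, host, port, timeout=5.0):
    """TLS handshake with one address, verifying the certificate for host."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLError as exc:   # must precede OSError, its parent class
        return "tls-failure: %s" % exc
    except OSError as exc:        # timeout, no route to host, refused
        return "unreachable: %s" % exc

def summarize(results):
    """results: list of (family, ip, status) tuples as produced by probe()."""
    passed = [r for r in results if r[2] == "ok"]
    failed = [r for r in results if r[2] != "ok"]
    if not failed:
        diagnosis = "all addresses verified"
    elif any(r[2].startswith("tls-failure") for r in failed):
        diagnosis = "certificate problem"
    elif passed and all(r[0] == "IPv6" for r in failed):
        diagnosis = "broken IPv6"
    else:
        diagnosis = "network problem"
    return {"error": bool(failed),
            "usable": [r[1] for r in passed],
            "diagnosis": diagnosis}

# Constructed sample rows (documentation-range addresses, not real output).
SAMPLE = [
    ("IPv4", "192.0.2.10", "ok"),
    ("IPv4", "192.0.2.11", "ok"),
    ("IPv6", "2001:db8::6c", "unreachable: [Errno 65] No route to host"),
]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "imap.gmail.com"
    results = [(fam, ip, probe(ip, host, 993))
               for fam, ip in resolve_all(host, 993)]
    for row in results:
        print("%-4s %-40s %s" % row)
    print(summarize(results))
```

A "broken IPv6" diagnosis matches the case described in this thread: the IPv4 addresses verify, while an AAAA record is returned by DNS but cannot be reached.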
Title: Re: SSL/TLS connection detected!
Post by: shortmanincali on December 23, 2012, 05:02:50 AM
Hi, I'm new to Macs. How can I view the system log (/var/log/system.log)? I am running 10.8.2 OS X.
Title: Re: SSL/TLS connection detected!
Post by: puffy303 on December 26, 2012, 09:59:00 PM
Quote
If you do and you do not have a working IPv6 connection, this is what is causing the error. As already announced - this problem will disappear with the next program update that will bring a completely different secured connection handling.

Without holding anyone to this answer, is there a time frame on when the next version for OS X will be out?

I too am unable to add imap.gmail.com to the Avast preference pane (for Mail Shield).  I get the error message about being unable to verify.

I would even consider running a beta version of the next release.

Thank you.
Title: Re: SSL/TLS connection detected!
Post by: cb299a on January 02, 2013, 01:35:50 AM
I just wanted to provide my experience - just installed Avast last night, got the SSL/TLS warnings. Tried to add my incoming mail servers (for Gmail and me.com) to the SSL pane - each one produced the message, "could not verify server". Yes I am sure I spelled them the same as they appear in the Mail Preferences pane. So, no go.

But, much worse, outgoing mail stopped working after installing AVast. Turning off SSL in the preferences was no help. So I uninstalled Avast, and outgoing mail is working again.

Sadly, I have to concur with many of the other posters here. Tho' it's great to attempt a free Mac security package, Avast is not workable for "the rest of us".
Title: Re: SSL/TLS connection detected!
Post by: tumic on January 02, 2013, 04:48:24 PM
Quote
I would even consider running a beta version of the next release.

The beta version for testing is available here:
http://forum.avast.com/index.php?topic=112193.0
Title: Re: SSL/TLS connection detected!
Post by: mwg2 on January 24, 2013, 11:55:43 PM
I too am having the same error message (can't verify server)...however it is NOT an IPV6 problem...I think it has to do with the Gmail's two-factor authentication.  I am running that, and have set up an Apple Mail application-specific password for Apple Mail. (See: http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833 to learn how to do this.)

Anyway...Everything works perfectly in Apple Mail, but not when running through Mail Shield.  My thought is that the imap server is NOT 'seeing' the application-specific password through the Mail Shield program.  And YES, the Apple Mail application-specific password is located in KeyChain.

Any suggestions?   
Title: Re: SSL/TLS connection detected!
Post by: specimen9999 on January 25, 2013, 01:10:56 AM
Quote
I too am having the same error message (can't verify server)...however it is NOT an IPV6 problem...I think it has to do with the Gmail's two-factor authentication.  I am running that, and have set up an Apple Mail application-specific password for Apple Mail. (See: http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833 to learn how to do this.)

Anyway...Everything works perfectly in Apple Mail, but not when running through Mail Shield.  My thought is that the imap server is NOT 'seeing' the application-specific password through the Mail Shield program.  And YES, the Apple Mail application-specific password is located in KeyChain.

Any suggestions?

I might be able to help, in this case I suspect that Google considers this a new application, as avast proxy is actually the one making the connection to the server, so it's unauthorized.
Title: Re: SSL/TLS connection detected!
Post by: mwg2 on January 25, 2013, 01:28:54 AM
Quote
I too am having the same error message (can't verify server)...however it is NOT an IPV6 problem...I think it has to do with the Gmail's two-factor authentication.  I am running that, and have set up an Apple Mail application-specific password for Apple Mail. (See: http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833 to learn how to do this.)

Anyway...Everything works perfectly in Apple Mail, but not when running through Mail Shield.  My thought is that the imap server is NOT 'seeing' the application-specific password through the Mail Shield program.  And YES, the Apple Mail application-specific password is located in KeyChain.

Any suggestions?

I might be able to help, in this case I suspect that Google considers this a new application, as avast proxy is actually the one making the connection to the server, so it's unauthorized.

That sounds very plausible...but...there is no place in the Mail Shield SSL table to insert a password.  So...how would I associate a password with Mail Shield?
Title: Re: SSL/TLS connection detected!
Post by: specimen9999 on January 25, 2013, 01:38:07 AM
*shrug* if my hypothesis is true, there's no way to do it, or you would have to do it via Apple Mail, I don't know.
The only good thing I have to say is that the current beta (you can see it in these forums) uses a completely different mechanism that is much more transparent to applications.
Title: Re: SSL/TLS connection detected!
Post by: mwg2 on January 25, 2013, 02:46:01 AM
Thank you kind sir.  I appreciate you offering some assistance.  I think I am out of luck until Avast allows password input associated with the Mail Shield SSL table. 
Title: Re: SSL/TLS connection detected!
Post by: andy5501 on January 25, 2013, 01:29:24 PM
I am with White-Note, reply #44

Fresh 10.8.2 and Office2011, using Outlook. My mail server does NOT use SSL, and the shield was already active in Avast, yet I got these annoying pop-ups. So I disabled the shield in Avast, and within seconds I received all mails that were queued up in the mail server.

Hope to get information when there is an update on Avast that fixes this.
Title: Re: SSL/TLS connection detected!
Post by: mwg2 on January 25, 2013, 11:31:07 PM
To the Moderators:  Do any of you happen to know how to send an email to Avast developers?  I think they should know about the GMAIL IMAP application specific password requirement (for those of us that use Gmail two-factor authentication.)  The fix should be relatively easy:  Just allow an optional input area on the SSL Table to add an IMAP specific password to be associated with the Mail Shield Proxy.   

Thanks so much!   
Title: Re: SSL/TLS connection detected!
Post by: specimen9999 on January 26, 2013, 12:37:11 AM
Quote
To the Moderators:  Do any of you happen to know how to send an email to Avast developers?  I think they should know about the GMAIL IMAP application specific password requirement (for those of us that use Gmail two-factor authentication.)  The fix should be relatively easy:  Just allow an optional input area on the SSL Table to add an IMAP specific password to be associated with the Mail Shield Proxy.

Thanks so much!

I think you should try the Beta announced on this forum.
Most likely they won't 'fix' it, in the new beta this works in a completely different way exactly to avoid these and other problems.
Title: Re: SSL/TLS connection detected!
Post by: allanrisk on January 26, 2013, 03:35:15 PM
Whenever I try to add my gmail imap server, I get the attached message:
Title: Re: SSL/TLS connection detected!
Post by: allanrisk on January 26, 2013, 03:46:46 PM
Quote
Whenever I try to add my gmail imap server, I get the attached message:

Sorry - didn't see that this very problem had been posted earlier ... I'd delete my original post if I knew how ...  :-[
Title: Re: SSL/TLS connection detected!
Post by: Phimple on January 28, 2013, 09:50:03 AM
I'm another person who can not get avast to work with gmail due to the server error when trying to add it in......

Please remedy for us.....
Title: Re: SSL/TLS connection detected!
Post by: tumic on January 28, 2013, 10:20:40 AM
Quote
I'm another person who can not get avast to work with gmail due to the server error when trying to add it in......

Please remedy for us.....

Use the beta (http://forum.avast.com/index.php?topic=112193.0), it fixes this issue.
Title: Re: SSL/TLS connection detected!
Post by: jimceez on February 02, 2013, 03:03:00 PM
Hi,

I'm new to avast! and am having the same issues as most others.  I turn off SSL in the mail accounts and try to add the servers into the avast! listing and I get the same errors of verification.  This is happening to both my comcast & gmail accounts. I've read most threads, found the keychains, moved them to system and still have issues.  I'm using the latest release of ML.

It is extremely frustrating.  Can you put the complete steps into a bullet point format so people can follow.  Thanks.
Title: Re: SSL/TLS connection detected!
Post by: joelw135 on February 05, 2013, 04:40:03 PM
Quote
I'm another person who can not get avast to work with gmail due to the server error when trying to add it in......

Please remedy for us.....

Use the beta (http://forum.avast.com/index.php?topic=112193.0), it fixes this issue.

It fixes the issue, but doesn't allow access to IMAP Gmail or POP. Also causes Thunderbird to become highly unstable if you turn off Mail Shield.
Title: Re: SSL/TLS connection detected!
Post by: Sfmsk on February 10, 2013, 12:32:15 PM
Hey I have the same problem. I get the red warning (SSL certificate check failed!) :(
My mail worked just fine before where I had Norton, but it was only a trial version and it expired, so I went and got Avast.
I've done everything; disabled SSL, added the incoming mail server to the mail shield of Avast and added it to my keychain as well, but I still get that stupid message. I've got no clue what to do, would be lovely if somebody could help. :)

Thanks in advance
Sfmsk
Title: Re: SSL/TLS connection detected!
Post by: Asyn on February 10, 2013, 12:34:48 PM
Did you try the beta yet..??
Title: Re: SSL/TLS connection detected!
Post by: esamax on February 11, 2013, 02:23:01 AM
forget the 993 popups - according to GMail you should leave the SSL checked
Title: Re: SSL/TLS connection detected!
Post by: specimen9999 on February 11, 2013, 01:47:45 PM
Quote
forget the 993 popups - according to GMail you should leave the SSL checked

In the current stable release of Avast! (not the Beta, as it works differently there) this is not correct IF you want Avast! to scan your incoming email. In that case Avast! acts as the email client itself and makes the secure (SSL) connection, and then routes it to the email client, so as far as GMail is concerned (and they are correct) the email client is really the Avast! proxy, which indeed has SSL enabled.

The confusion arises from the fact that in the email client you configure the actual server address instead of a local proxy, when in fact you are using a local proxy, albeit a so called 'transparent' one.
Title: Re: SSL/TLS connection detected!
Post by: vladan on February 18, 2013, 12:13:26 AM
As a Mac user, I edited the hosts file:

sudo nano /private/etc/hosts
added
173.194.67.109  imap.gmail.com
(ctrl-o, ctrl-x) to save the file

After that, adding the secured server is successful.

If you open the hosts file again you will notice 2 entries:

173.194.67.109  imap.gmail.com  # Added by avast!

Now all servers are there, but warnings are still popping up sometimes (not completely solved).

For Gmail IMAP access I am using Outlook for Mac.

Hope this helps a little bit.

rgds


Title: Re: SSL/TLS connection detected!
Post by: tumic on February 26, 2013, 04:49:10 PM
Starting with avast! version 38397, the SSL handling has been completely reworked and there are no more "SSL warnings" and no required steps to make the mailshield work with SSL. Please upgrade to the latest version of avast!.