Author Topic: SSL/TLS connection detected!  (Read 82589 times)

0 Members and 1 Guest are viewing this topic.

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
SSL/TLS connection detected!
« on: July 18, 2012, 03:52:40 PM »
Q: "I get annoying popups about SSL/TLS connections detected, how do I get rid of them?"


A: The popup appears whenever a mail client connects to a mailserver using an encrypted (SSL) connection that the mailshield can not scan. You have to disable SSL in your mail client and enable it in the mailshield preferences to let the mailshield scan the connections and still connect encrypted to the mail server.

To disable SSL in Apple Mail client, go to "Preferences->Accounts->Advanced" and disable the "Use SSL" checkbox.

Then go to the avast! preference pane in the system preferences and select the SSL tab in the mailshield advanced options and add the mailserver to the "Secured servers" list. The mailserver address to add is the value of the "Incoming Mail Server" field on the "Account Information" tab in the Apple Mail Account preferences.



For most mail servers like Google's gmail, this is all you have to do. If you now get a "SSL certificate error", see the following post.
« Last Edit: February 26, 2013, 04:49:25 PM by tumic »

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS connection detected!
« Reply #1 on: July 18, 2012, 04:11:02 PM »
If you get the following popup after adding the mail server to the secured servers list

You have to add the SSL certificate the mailserver is using to the "System" keychain

Offline Gottesfreunde

  • Newbie
  • *
  • Posts: 2
Re: SSL/TLS connection detected!
« Reply #2 on: July 19, 2012, 11:43:25 PM »
Ok... uhm, this is pretty confusing. I use Gmail and Comcast. I have one account under Comcast.net and three under Gmail.

I have no idea what a "mail server" should be typed in as. I typed in "gmail.com" into the "secured servers" in the preferences pane of avast! and ip addresses (I assume) were then filled in, and it did the same for "comcast.net". When I did that, the messages went away referencing the SSL problem (I unchecked SSL in my Apple Mail app in their preferences.)

However, I'm still not sure if this was correct, and honestly, now, I'm frustrated to the point that I wish I had not installed this app on my system. I have no clue, whatsoever, how to or what to, do in my keychain file. Why can't the app simply set this stuff up for me????!!! I am left wondering if I have just unsecured my system rather than secured it, at least related to my email.

If this is what one has to do to make this program operate correctly (a big whopping hassle) then at least a very clear, succinct, step by step guide, with pictures, would be highly useful.




Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS connection detected!
« Reply #3 on: July 21, 2012, 01:26:30 PM »
I have no idea what a "mail server" should be typed in

The mailserver address to add is the value of the "Incoming Mail Server" field on the "Account Information" tab in the Apple Mail Account preferences.

I have no clue, whatsoever, how to or what to, do in my keychain file.

There is nothing to do with your keychain for gmail or comcast, the required certificates are already there. If they were missing, you would get the "SSL certificate error".
« Last Edit: July 21, 2012, 07:33:33 PM by tumic »

Offline TAC

  • Newbie
  • *
  • Posts: 1
Re: SSL/TLS connection detected!
« Reply #4 on: July 23, 2012, 11:13:16 PM »
I join the chorus.  The complexity and hassle of getting rid of those SSL messages is not something that I have the technical skill or time to bother with.  Hopefully I can use the Uninstall program and get this program removed from my computer.  This is an insane hassle to put users through!

Offline Gottesfreunde

  • Newbie
  • *
  • Posts: 2
Re: SSL/TLS connection detected!
« Reply #5 on: July 23, 2012, 11:46:23 PM »
While I appreciate free programs, the hassle of the set up of this app was more time consuming to me than any "virus" has been. I have had Macs for ever, the last time I had a virus was the 666 under OS 9... I had other things in my "Hosts" file that Avast! completely deleted, and it was lucky that I had a back up to restore it. Between the screwups that caused to my system, and the hassle of trying to figure this situation out, I figured I would stay with the very easy and very non-intrusive ClamXav... which is also free. I deleted Avast! from my system through the uninstall.

On a side note... developers constantly make the mistake of creating software for the Mac that requires too much fiddling. They forget the fact that many Mac users have their systems specifically because they require so little fiddling... preferring to spend that time completing real work. While malware and virus' may be on the rise for Macs, they are far more difficult to get than if you are on a Wintel machine. The amount of time this program requires to set it up, to fix what it does your system without forewarning you, is too costly for me.

Offline Stephen Scheaffer

  • Newbie
  • *
  • Posts: 6
Re: SSL/TLS connection detected!
« Reply #6 on: August 06, 2012, 07:49:07 PM »
Turmic,

I am still getting the SSL message. What needs to be added to the keychain. I do see your screenshot but what is added. My incomming server is imap.gmail.com and pop.gmail.com.
thanks,

Steve

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS connection detected!
« Reply #7 on: August 07, 2012, 11:14:03 AM »
Turmic,

I am still getting the SSL message. What needs to be added to the keychain. I do see your screenshot but what is added. My incomming server is imap.gmail.com and pop.gmail.com.
thanks,

Steve

What SSL message? If You get the "SSL/TLS connection detected!" warning (orange), then the problem is that You have SSL enabled in Your mail client that prevents the mailshield to scan the traffic. The solution is to simply switch SSL off in your mail client, for Apple Mail, You can see the corresponding switch on the picture in the first post in this thread.

There is nothing to do with Your keychain for Gmail or any other "big" mail provider, those servers are signed by a authority that has its certificate in the Mac OS X "System root" keychain by default.

Offline Stephen Scheaffer

  • Newbie
  • *
  • Posts: 6
Re: SSL/TLS connection detected!
« Reply #8 on: August 07, 2012, 01:59:52 PM »
Sorry I wasn't clearer. I have shut off SSL in mail. I am getting the warning about the certificate.
Thanks

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS connection detected!
« Reply #9 on: August 09, 2012, 10:56:30 AM »
Please look into the system log (/var/log/system.log), there will be more info about what's wrong and post it here.

Offline Stephen Scheaffer

  • Newbie
  • *
  • Posts: 6
Re: SSL/TLS connection detected!
« Reply #10 on: August 09, 2012, 09:54:56 PM »
I have a feeling this is what you are looking for.

Aug  9 15:28:49 Steves-Office-iMac proxy[35837]: No common name matching host name (imap.gmail.com) found in peer certificate!

Offline booklady

  • Newbie
  • *
  • Posts: 2
Re: SSL/TLS connection detected!
« Reply #11 on: August 09, 2012, 10:48:53 PM »
I had no trouble following the directions here, but when done my email program, Outlook, says it can't find the server.  It says: "Connection to the server failed or was dropped."  What else needs to happen?

Offline booklady

  • Newbie
  • *
  • Posts: 2
Re: SSL/TLS connection detected!
« Reply #12 on: August 09, 2012, 10:52:12 PM »
In the meantime, I went back to the SSL checkmarks, undid the list for Avasti, and then fixed it so nothing pops up.  It can just do its warnings in the background.

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS connection detected!
« Reply #13 on: August 09, 2012, 11:42:16 PM »
I have a feeling this is what you are looking for.

Aug  9 15:28:49 Steves-Office-iMac proxy[35837]: No common name matching host name (imap.gmail.com) found in peer certificate!

Yes, that's it. But the error is very strange for imap.gmail.com as the server has for sure a correct certificate. Can you post here the content of your /etc/hosts file? The answer may be there.

Offline Stephen Scheaffer

  • Newbie
  • *
  • Posts: 6
Re: SSL/TLS connection detected!
« Reply #14 on: August 09, 2012, 11:57:19 PM »
what directory would I find that in?