Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4907
  • Last Modified:

Eudora 7.1 SSL suddenly rejects certificate, stops connecting

Hi:

I'm running Eudora 7.1 on a Windows XP system and on a Windows 7 system. I use it extensively for all email, including client correspondence.

I am configured to use SSL to connect to the hostgator mail server for my account. Server and port options are configured correctly per hostgator.

Eudora has worked fine like this for years. Starting this morning it fails consistently in the same manner on both systems with a rejected certificate error message. Hostgator said that the last SSL version 3 upgrade was October 14, a week ago and that no changes were made to servers this morning.

The Eudora error message is:
    SSL Negotiation Failed: Unknown Error
    Certificate bad: Destination Host name does not match  host name in certificate
    But ignoring this error because Certificate is trusted
    The connection with the server has been lost. Cause:  (200).

Certificate info includes:
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Public Key Algorithm: rsaEncryption
Valid dates: 2000 to 2020.

Hostgator's tools confirm the cert is correct and safe.

In the Eudora Certificate Manager, I specified the cert as trusted per:


This results in two entries for the cert:
Server Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO
User Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO

I can find no way to delete the untrusted version.

I can connect ok with standard ports and a non-SSL connection. Note that I can still connect with the K-9 email client with SSL on Android - no problems. Sadly, this points to Eudora as the problem.

Here's a report of a similar problem:
http://www.emaildiscussions.com/showthread.php?t=62923

There is no update or replacement for Eudora. Several years ago, Mozilla Thunderbird was passed off as a Eudors replacement, but it lacks compatible functionality. Neither client is supported anymore. I would really, really appreciate help in getting this problem fixed.

Thanks,

Fred
0
fredo783
Asked:
fredo783
  • 4
  • 4
  • 3
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
In the last week or so, the way that SSL/TLS encryption is handled has changed pretty much worldwide because of a security hole they just found.  If there is a setting for it in Eudora, unselect SSL 3 and select TLS.  TLS replaced SSL about 18 years ago...
0
 
fredo783Author Commented:
Thanks, Dave. Good advice, but for now I'm stuck with SSL. Here is more information on the problem:

Hostgator finally said that they updated certificates on the server, thus causing the problem with Eudora.

I installed Thunderbird and can connect ok with SSL. Also, I can connect with SSL via an Android pop email app. So the problem is most likely with Eudora.

I can specify StartTLS with Eudora, but not on my shared hosting account. I can install a private certificate on the server and then connect with StartTLS. However, support says that sometimes StartTLS will not work even then.

So, has anyone dealt with this problem with Eudora? Have they successfully used StartTLS with a private certificate?
0
 
Dave BaldwinFixer of ProblemsCommented:
Most hosting companies upgraded either there certificates or their SSL/TLS process in the last week.  I haven't had Eudora for at least 5 years now.  But 'stuck with SSL'?  It's been years since anyone has issued an SSL certificate as far as I know.  They are all TLS now.  The problem discovered recently was that the 'downgrade' negotiation from TLS to SSLv3 was flawed so everyone has stopped allowing it.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
fredo783Author Commented:
I must purchase a private cert. Then I can use StartTLS, but there is a chance it won't work.

BTW, what email client have you found that offers the functionality of Eudora?
0
 
Dave BaldwinFixer of ProblemsCommented:
Frankly, the last version of Eudora that I had was unusable.  It would not display HTML emails and had some other problems.  It may have been Eudora 6 about 2007.  I don't really know what you mean by "the functionality of Eudora".

I use Thunderbird for most of my business though I have Outlook Express and SeaMonkey also.  I also have Outlook on a few machines that have Microsoft Office.
0
 
fredo783Author Commented:
Dave:

Thanks for comments. I have upgraded the account and obtained a private cert. The next step will be to test Eudora using starttls.

I evaluated thunderbird two years ago and found some Eudora features that are really nice which thunderbird seems to lack. I will do a full reevaluation as time permits.

You are right about Eudora not displaying all html email correctly. Unfortunately, both Eudora and Thunderbird are essentially unsupported products at this time.

The forum is nagging me to close this issue. So even though I have not completed testing, let me close the issue at this time.

Thanks,

Fred
0
 
Dave BaldwinFixer of ProblemsCommented:
I still get updates for Thunderbird and the new versions are available on their web site.

https://www.mozilla.org/en-US/thunderbird/
0
 
vanitopanCommented:
I have the same problem as Fredo783.
My question is how can I obtain a private cert and how to (I think) install it in Eudora.
I use Eudora 7.1.0.6 on a laptop with win 7

I hope to get an answer.
Migrate to Mozilla Thunderbird was not quite successful. The possibilities of the "old" Eudora is still very good for me.
Excuse me if I make some English mistakes, I am Dutch and I do not often write in English
Herman
0
 
fredo783Author Commented:
Vanitopan:

Eudora is a very powerful and flexible email client. I also tried Thunderbird and was not satisfied with it.

Regarding certificates, you do not need a private certificate to run Eudora. In light of security issues, many ISPs have been reissuing SSL /TLS certificates. If Eudora fails because of a rejected certificate, you can tell it to accept the new certificate. The procedure is iterative - you have to accept certificates multiple times.

Open the Eudora personalities window, then right click on the relevant personality, and select Properties. Then on the incoming mail tab, click on the option to see info for the last SSL connection. Then click on the option to go to the certification manager.

In the certificate manager, you will see the certificate chain. This most likely consists of several certificates. You have to accept each one. You can click on the + icon to see additional levels of certificates. Click on all of them to see the entire chain.

If a certificate is trusted, you will see a happy face icon. Certificates that are not trusted have a skull icon. To accept an untrusted certificate, click on it and tell Eudora to trust it. Then close the certificate manager. Then repeat the process: check or send email and then navigate back to the certificate manager to accept additional certificates.

I found this information on the excellent eudora-win discussion list at listmoms.net.

Hope this helps,

Fred
0
 
vanitopanCommented:
I have found a solution for me. It words without getting a cert.
It is rather simple:
see:
http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/
0
 
vanitopanCommented:
Fred

Thanks for your answer.
That I have tried, but it did not work!
When I click on the option for the ssl cert I get the message:
"You have never done any SSL negotiation with any personality since the last time you started Eudora"

Looking further on the Internet I found the simple solution in my last post and the result is that i can send end receive mails again.
(see http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/)

So my problem is solved!
Thanks again!
Have an nice day

Herman
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now