
Attention all pipex/tiscali mail users

cmhuddart101
Popular Poster
Message 4 of 4

Hi, the recent change made by TalkTalk to "enforce encrypted mail access" has broken the following TLS 1.3 capable mail clients:

Thunderbird

Outlook

any android device 

It will also affect any TLS 1.3 capable devices and mail clients that support TLS 1.3.
The server is currently misconfigured for TLS 1.3 and sends TLS 1.2 to a client TLS 1.3 connect request, as shown below.

Working IMAP connection to an IMAP server correctly configured for TLS 1.2:
Frame 12: 1500 bytes on wire (12000 bits), 1500 bytes captured (12000 bits) on interface \Device\NPF_{A6ABBF3F-4835-41BB-9C1D-FE553DAF1657}, id 0
Ethernet II, Src: SkyUk_ec:ae:f1 (80:72:15:ec:ae:f1), Dst: RivetNet_18:ed:1d (9c:b6:d0:18:ed:1d)
Internet Protocol Version 4, Src: 213.120.69.1, Dst: 192.168.0.2
Transmission Control Protocol, Src Port: 993, Dst Port: 57371, Seq: 1, Ack: 518, Len: 1446
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 63
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 59
            Version: TLS 1.2 (0x0303)
            Random: bf73444ac65d629b2554b9884babce404dd1582837670d044c8774108446f2ab
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 19
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            [JA3S Fullstring: 771,49199,65281-35-11-23]
            [JA3S: 92b5be817fd08957ff9f1384aa41f438]


Failing connection to mail.talktalk.net, incorrectly configured to use TLS 1.3:

Frame 6: 1500 bytes on wire (12000 bits), 1500 bytes captured (12000 bits) on interface \Device\NPF_{A6ABBF3F-4835-41BB-9C1D-FE553DAF1657}, id 0
Ethernet II, Src: SkyUk_ec:ae:f1 (80:72:15:ec:ae:f1), Dst: RivetNet_18:ed:1d (9c:b6:d0:18:ed:1d)
Internet Protocol Version 4, Src: 153.92.174.228, Dst: 192.168.0.2
Transmission Control Protocol, Src Port: 993, Dst Port: 53655, Seq: 1, Ack: 518, Len: 1446
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 122
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 118
            Version: TLS 1.2 (0x0303)
            Random: 6294798c22ce2d0b8ce11f343f85c42943945e412ea87ad7882da911fb508060
            Session ID Length: 32
            Session ID: 5e88d87fcad63a2f5f80cf80e2711d564a3ca32448458f9f891635018d4b0c83
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
            Compression Method: null (0)
            Extensions Length: 46
            Extension: supported_versions (len=2)
            Extension: key_share (len=36)
            [JA3S Fullstring: 771,4866,43-51]
            [JA3S: 15af977ce25de452b96affa2addb1036]
    TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.3 Record Layer: Application Data Protocol: Internet Message Access Protocol
        Opaque Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 27
        Encrypted Application Data: 40e7b7469dbb3e53588826fb4d349ca927ee6ddf90d24d114f8b19
        [Application Data Protocol: Internet Message Access Protocol]

 

nslookup imap.dsl.pipex.com


Name: imap.tt.xion.oxcs.net
Address: 153.92.174.228
Aliases: imap.dsl.pipex.com
oxmail.tiscali.co.uk
oxmail.talktalk.net


Full member of IEEE.
0 Likes
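
Added example, not part of the original post or of TalkTalk's material: under RFC 8446 a TLS 1.3 ServerHello carries 0x0303 in its legacy version field and names the negotiated version in the supported_versions extension (type 43), so a parser has to read that extension to see which version was chosen. The sketch parses two constructed ServerHello bodies laid out like the two captures above (zeroed random and session ID, and an assumed x25519 key_share); `parse_server_hello` and `build_hello` are names made up for this example.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type, RFC 8446 section 4.2.1

def parse_server_hello(body):
    """Parse a ServerHello body (the bytes after the 4-byte handshake header)."""
    exts = {}
    try:
        legacy, = struct.unpack_from("!H", body, 0)
        pos = 34                               # 2-byte version + 32-byte random
        pos += 1 + body[pos]                   # session ID length byte + session ID
        cipher, _compression = struct.unpack_from("!HB", body, pos)
        pos += 3
        if pos < len(body):                    # extensions block is optional before TLS 1.3
            total, = struct.unpack_from("!H", body, pos)
            pos += 2
            end = pos + total
            if end > len(body):
                raise ValueError("extensions run past end of message")
            while pos < end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                pos += 4
                if pos + elen > end:
                    raise ValueError("extension runs past end of block")
                exts[etype] = body[pos:pos + elen]
                pos += elen
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ServerHello") from exc
    negotiated = legacy                        # TLS 1.2 and earlier: the field is authoritative
    sv = exts.get(SUPPORTED_VERSIONS)
    if sv is not None:                         # TLS 1.3: selected version lives in the extension
        if len(sv) != 2:
            raise ValueError("malformed supported_versions")
        negotiated, = struct.unpack("!H", sv)
    name = lambda v: NAMES.get(v, hex(v))
    return {"legacy": name(legacy), "negotiated": name(negotiated),
            "cipher": cipher, "extensions": list(exts)}

def build_hello(legacy, session_id, cipher, exts):
    """Assemble a ServerHello body with a zeroed random (constructed test data)."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return (struct.pack("!H", legacy) + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!HBH", cipher, 0, len(ext)) + ext)

# Constructed samples: same field layout and lengths (59 and 118) as the captures.
TLS12_HELLO = build_hello(0x0303, b"", 0xC02F,
                          [(65281, b"\x00"), (35, b""), (11, b"\x01\x00"), (23, b"")])
TLS13_HELLO = build_hello(0x0303, bytes(32), 0x1302,
                          [(43, b"\x03\x04"), (51, struct.pack("!HH", 0x001D, 32) + bytes(32))])
```
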
3 REPLIES 3

Ady-TalkTalk
Support Team
Staff
Message 1 of 4

We're still waiting for a response from the email admins. I've sent another chaser this morning making this the 4th. 

 

Ady




0 Likes

Chris-TalkTalk
Support Team
Staff
Message 2 of 4

Hi cmhuddart101,

 

I've escalated this. I'll let you know when I have an update.


Thanks

Chris

0 Likes

KeithFrench
Community Star
Message 3 of 4

I think it would be far more readable if you just attached the Wireshark or other trace, rather than just giving a text output of the frame layer upwards.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.

0 Likes