cancel
Showing results for 
Search instead for 
Did you mean: 

Error checking mail - Unable to parse TLS packet header

ab3062
Tuning in

Hi 

Can anyone help me.

I connect to an IMAP server based in New Zealand using SSL 993 (inbound) and 465 (outbound) using my mobile phone on Vodafone / O2 networks. All works fine.  I switch to Virgin Media network (wired / wireless) and I get the error message, 'Error checking mail. Error connecting: Unable to parse TLS packet header."

This started this week. All has been working for years but now I cannot connect via my phone (wireless) or my pc (wired) to retrieve email. 

Tried to call Virgin but the representative was not helpful and dropped the call. 

Thanks anyone who can help.  Andy

18 REPLIES 18

用心棒
Very Insightful Person
Very Insightful Person

It would be helpful to know the IMAP server's URL

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Hi 

Thank you for responding 

mail.digiweb.net.nz for IMAP inbound and SMTP. Port 993 SSL and 465 SSL outbound. 

Works perfectly on O2 and Vodafone but fails on Virgin Media broadband wireless or wired.

Any help greatly appreciated. Thank you. Andy 

用心棒
Very Insightful Person
Very Insightful Person

Not seeing the same issue when connecting to mail.digiweb.net.nz; not much help to you, I know, but does suggest a localised issue.

On your PC open a Command Shell or Terminal window and enter the following command to connect to mail.digiweb.net.nz:

curl -v imaps://mail.digiweb.nz

Review and redact any personal information from the resulting output and post here, for example (redaction shown in red for clarity):

C:\Users\[redacted]>curl -v smtps://mail.digiweb.net.nz
* Rebuilt URL to: smtps://mail.digiweb.net.nz/
*   Trying 202.174.80.113...
* TCP_NODELAY set
* Connected to mail.digiweb.net.nz (202.174.80.113) port 465 (#0)
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 184 bytes...
* schannel: sent initial handshake data: sent 184 bytes
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 2/3)
* schannel: encrypted data got 2896
* schannel: encrypted data buffer: offset 2896 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 2/3)
* schannel: encrypted data got 858
* schannel: encrypted data buffer: offset 3754 length 4096
* schannel: sending next handshake data: sending 214 bytes...
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 2/3)
* schannel: encrypted data got 107
* schannel: encrypted data buffer: offset 107 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with mail.digiweb.net.nz port 465 (step 3/3)
* schannel: stored credential handle in session cache
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 101
* schannel: encrypted data buffer: offset 101 length 103424
* schannel: decrypted data length: 25
* schannel: decrypted data added: 25
* schannel: decrypted data cached: offset 25 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 25 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 25
* schannel: decrypted data buffer: offset 0 length 102400
< 220 mail.digiweb.net.nz
> EHLO [Redacted]
* schannel: client wants to read 102400 bytes
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 197
* schannel: encrypted data buffer: offset 197 length 103424
* schannel: decrypted data length: 112
* schannel: decrypted data added: 112
* schannel: decrypted data cached: offset 112 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 112 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 112
* schannel: decrypted data buffer: offset 0 length 102400
< 250-mail.digiweb.net.nz Hello [redacted]
< 250-SIZE 31457280
< 250-AUTH LOGIN CRAM-MD5
< 250-8BITMIME
< 250 OK
> HELP
* schannel: client wants to read 102400 bytes
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 101
* schannel: encrypted data buffer: offset 101 length 103424
* schannel: decrypted data length: 29
* schannel: decrypted data added: 29
* schannel: decrypted data cached: offset 29 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 29 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 29
* schannel: decrypted data buffer: offset 0 length 102400
< 502 Command not implemented
* Command failed: 502
> QUIT
* schannel: client wants to read 102400 bytes
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 117
* schannel: encrypted data buffer: offset 117 length 103424
* schannel: decrypted data length: 42
* schannel: decrypted data added: 42
* schannel: decrypted data cached: offset 42 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 42 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 42
* schannel: decrypted data buffer: offset 0 length 102400
< 221 Service closing transmission channel
* Closing connection 0
* schannel: shutting down SSL/TLS connection with mail.digiweb.net.nz port 465
* schannel: clear security context handle
curl: (56) Command failed: 502

 

Hi 

Output as follows:

curl -v imaps://mail.digiweb.net.nz

*   Trying 202.174.80.113...

* TCP_NODELAY set

* Connected to mail.digiweb.net.nz (202.174.80.113) port 993 (#0)

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/cert.pem

  CApath: none

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

* Closing connection 0

curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

Thanks again. 

 

用心棒
Very Insightful Person
Very Insightful Person

Can you repeat the previous curl command but with Web Safe turned off.

FYI: in its default configuration Web Safe blocks access to http://nordvpn.com, to confirm its status type the following command:

curl -I http://nordvpn.com

If the returned Location value is:

Graham_A
Very Insightful Person
Very Insightful Person

@用心棒 wrote:

Can you repeat the previous curl command but with Web Safe turned off.

FYI: in its default configuration Web Safe blocks access to http://nordvpn.com, to confirm its status type the following command:

curl -I http://nordvpn.com

If the returned Location value is:


I have been keeping an eye on this thread as a learning opportunity.  Where does nordvpn come into play?  I can't see any reference in the previous posts.

You asked for the previous curl query to be done on the SMTP server but the reply seems to indicate a query against the IMAP server.  Could that add to the confusion?

 

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

用心棒
Very Insightful Person
Very Insightful Person

Running curl against nordvpn.com positively confirms Web Safe is off; that is its only role here. 

Hi - results below. web safe is turned off (from my understanding)

 

curl -I http://nordvpn.com

HTTP/1.1 301 Moved Permanently

Date: Sun, 28 Feb 2021 09:12:17 GMT

Connection: keep-alive

Cache-Control: max-age=3600

Expires: Sun, 28 Feb 2021 10:12:17 GMT

Location: https://nordvpn.com/

cf-request-id: 08898201b6000040c0b734a000000001

Server: cloudflare

CF-RAY: 628905e2bc2b40c0-LHR

And when I run curl to the imap server via Vodafone (hotspot to my mobile) I get the following. (The address for the incoming and outgoing servers is the same. mail.digiweb.net.nz)

curl -v imaps://mail.digiweb.net.nz

*   Trying 202.174.80.113...

* TCP_NODELAY set

* Connected to mail.digiweb.net.nz (202.174.80.113) port 993 (#0)

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/cert.pem

  CApath: none

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384

* Server certificate:

*  subject: CN=*.digiweb.net.nz

*  start date: Apr  5 00:00:00 2020 GMT

*  expire date: Jul  2 12:00:00 2022 GMT

*  subjectAltName: host "mail.digiweb.net.nz" matched cert's "*.digiweb.net.nz"

*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=RapidSSL RSA CA 2018

*  SSL certificate verify ok.

< * OK IMAP4rev1 SmarterMail

> A001 CAPABILITY

< * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 UIDPLUS QUOTA XLIST CHILDREN

< A001 OK CAPABILITY completed

> A002 LIST "" *

< A002 BAD LIST not allowed in NonAuthenticated state

> A003 LOGOUT

< * BYE IMAP4rev1 Server logging out

< A003 OK LOGOUT completed

* Closing connection 0

* TLSv1.2 (OUT), TLS alert, close notify (256):

curl: (21) Quote command returned error