[openssl-users] OpenSSL and iCloud

openssl at comaxis.com openssl at comaxis.com
Mon Jan 5 22:24:34 UTC 2015

> On Jan 5, 2015, at 12:01 PM, openssl at comaxis.com wrote:
>> Are there any known problems using OpenSSL with iCloud?  I am trying to
>> connect to imap.mail.me.com using port 993.  My call to SSL_Connect()
>> returns 0, with SSL_get_error() returing 1 (SSL_ERROR_SSL).  I am using
>> OpenSSL version 1.0.1h, running on Win32.  I can use this code with any
>> other IMAP server with no problems.
> Are you able to connect using the openssl s_client application? I can
> connect (to port 993, no starttls) with either 1.0.1j or 0.9.8za; perhaps
> s_client will give you a more diagnostic error message if it also fails
> for you.
I made a build of 1.0.1j but it made no difference to my application. In
fact, I *can* use "openssl s_client -connect" with iCloud.  Doing the same
thing with my own server (which my application works with) the only thing
I see different in the diagnostics provided by openssl is the cipher:
for imap.mail.me.com I get "AES256-GCM-SHA384" but with my own, I
get "ECDHE-RSA-AES256-GCM-SHA384".  Do I need to do something in the build
open OpenSSL to get support for AES256, or something different in my code
that uses SSL?  I would assume the latter, since the openssl utility is
using my brand new builds of the ssl dlls.  Here is what I am doing (with
error checking removed):

wsprintf (seed,"%lx%lx", GetCurrentProcessId(), time(0));
RAND_seed (seed, strlen(seed));
ctx = SSL_CTX_new(meth);

ssl = SSL_new(ctx);
sbio = BIO_new_socket(gSocket, BIO_NOCLOSE);
SSL_set_bio(ssl, sbio, sbio);
ret = SSL_connect(ssl);

More information about the openssl-users mailing list