Hi, I have a security-related feature request. As far as I can tell, DC on iOS does not support TLS 1.3.
I’m running my IMAP server on TLS 1.3 only. Android and flatpak clients can log in but on iOS the TLS handshake fails with the following error:
In general it looks like DeltaChat stopped sending, or never sent, SNI during requests to the server, so the server replies with the default certificate, which causes an error during the TLS handshake.
When a client does not send the Server Name Indication (SNI) extension during a TLS handshake, the server cannot determine which hostname the client is trying to reach if it hosts multiple secure websites on a single IP address. This leads to a certificate mismatch error and a failed connection.
The most effective solution is to upgrade the DeltaChat or application library to a modern version that supports SNI.
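To check from the server side whether a client sends SNI and offers TLS 1.3, the ClientHello record from a packet capture can be parsed as below. This is an added example, not part of the original thread and not DeltaChat code. To stay self-contained it builds two constructed sample ClientHellos with Python's `ssl` module, and `imap.example.org` is a placeholder hostname.

```python
import ssl
import struct

def parse_client_hello(record: bytes) -> dict:
    """Extract the SNI hostname (None if absent) and offered TLS versions
    from a single TLS record that carries a ClientHello."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, legacy_version, random
    pos += 1 + record[pos]          # legacy_session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]          # legacy_compression_methods
    found = {"sni": None, "versions": []}
    if pos + 2 > len(record):       # ClientHello without any extensions
        return found
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0:           # server_name: list_len(2) type(1) name_len(2) name
            name_len = struct.unpack_from("!H", body, 3)[0]
            found["sni"] = body[5:5 + name_len].decode("ascii")
        elif ext_type == 43:        # supported_versions: len(1), then 2-byte versions
            found["versions"] = [struct.unpack_from("!H", body, i)[0]
                                 for i in range(1, 1 + body[0], 2)]
    return found

def sample_client_hello(hostname):
    """Constructed sample input: the ClientHello the local OpenSSL would send.
    hostname=None yields a ClientHello without the SNI extension."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # required for hostname=None; no handshake completes here
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()          # writes the ClientHello, then waits for the server
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()

if __name__ == "__main__":
    for host in ("imap.example.org", None):
        info = parse_client_hello(sample_client_hello(host))
        tls13 = 0x0304 in info["versions"]
        print(f"server_hostname={host!r}: SNI={info['sni']!r}, offers TLS 1.3={tls13}")
```

For a real capture, pass the raw bytes of the client's first TLS record to `parse_client_hello`; a result with `sni` set to `None` matches the default-certificate behaviour described above.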