In Silverblue/Fedora 33, I created an IMAP/SMTP account in GOA but system-wide flatpak org.gnome.Evolution (fedora repo) refused to open that mailbox:
The reported error was "Failed to get capabilities: Error performing TLS handshake: A packet with illegal or unsupported version was received.".
I know this relates to:
https://fedoraproject.org/wiki/Change/StrongCryptoSettings2#Upgrade.2Fcompatibility_impact
I had a similar problem with another non-flatpak program, and it would run properly after changing my crypto policy:
$ update-crypto-policies --show
DEFAULT:FEDORA32
Within an Evolution container, crypto policy remains “DEFAULT”, so I tried various things to no effect:
-
flatpak run --env=G_TLS_GNUTLS_PRIORITY=LEGACY org.gnome.Evolution
(Actually, if I ran ldd against all shared objects descending from container’s /app, and nothing links directly to gnutls but I do see references to libssl) -
sudo flatpak override --system --filesystem=host-etc:ro --filesystem=host-os:roorg.gnome.Evolution
(no change after opening Evolution thereafter) -
DEFAULTflatpak run --filesystem=host-etc:ro --filesystem=host-os:ro --command=update-crypto-policies org.gnome.Evolution --show
It seems as if crypto policy is always inherited from Evolution’s runtime (org.fedoraproject.Platform/x86_64/f33).
Is there a way around this?