/mail/community?hl=en
This content is likely not relevant anymore. Try searching or browse recent questions.
POP3: "Invalid server certificate (The certificate cannot be used for this purpose)."
2
Hello.

Today I got a problem with POP3 access.
Client: The Bat v.8.8.9 and v.9.1.6 (latest version).
Client log:

 07.04.2020, 20:59:28: FETCH - receiving mail messages
 07.04.2020, 20:59:28: FETCH - Connecting to POP3 server pop.gmail.com on port 995
 07.04.2020, 20:59:28: FETCH - Initiating TLS handshake
>07.04.2020, 20:59:28: FETCH - Certificate S/N: 0E884B385836D5690800000000320BE3, algorithm: ECC (256 bits), issued from 3/3/2020 9:58:11 AM to 5/26/2020 9:58:11 AM, for 1 host(s): pop.gmail.com.
>07.04.2020, 20:59:28: FETCH - Owner: "US", "California", "Mountain View", "Google LLC", "pop.gmail.com".
>07.04.2020, 20:59:28: FETCH - Issuer: "US", "Google Trust Services", "GTS CA 1O1". Valid from 6/15/2017 12:00:42 AM to 12/15/2021 12:00:42 AM.
>07.04.2020, 20:59:28: FETCH - Root: "GlobalSign Root CA - R2", "GlobalSign", "GlobalSign". Valid from 12/15/2006 8:00:00 AM to 12/15/2021 8:00:00 AM.
!07.04.2020, 20:59:28: FETCH - TLS handshake failure. Invalid server certificate (The certificate cannot be used for this purpose).

With "algorithm ECC (256 bits)" in log, receiving mail does not work.
Worked fine a few days ago with "algorithm RSA (2048 bits)".

============================
Update 09-Apr-2020.
============================

Solutions:

On some servers pop.gmail.com and smtp.gmail.com Google used new certificate.
In all versions of The Bat! up to 9.1.6 inclusive this certificate is not supported.
Need to update The Bat! to version 9.1.12 from the official website www.ritlabs.com.

For older versions of The Bat! (7.x, 8.x) you can use the stunnel program -
https://www.ritlabs.com/ru/forums/forum3/topic3351/

The presets for gmail.com are already in the stunnel configuration.

============================
Update 12-Apr-2020.
============================

Solutions:

For The Bat! versions 8.5.6.2 Beta / 8.5.8 Release and above you may use command line parameter /tls_disable_ecdhe

The gmail-connection will be established using the RSA algorithm.
Details
Pinned
Locked
Latest Update Latest Updates (0)
Relevant Answer Relevant Answers (0)
All Replies (41)
Relevant Answer
Same issue. Intermittent. VPNing can help for awhile, which is puzzling. But inconsistent all around. Happens with both POP and SMTP.
marked this as an answer
Relevant Answer
The RSA certificate https://crt.sh/?id=2528346226 has both "Digital Signature" and "Key Encipherment" while the ECC one https://crt.sh/?id=2528368628 does only have "Digital Signature" without "Key Agreement".

The ECC key in TLS ECDHE cipher suites is not used for "Key Agreement", there is a different ephemeral key used for that, not that one from the certificate. So the Google certificate with "Digital Signature" only is correct.

We have to wait for a new version of The Bat!
marked this as an answer
Relevant Answer
I've got the same issue. Looking for a resolution or any guideline... Thanks
marked this as an answer
Relevant Answer
This works for me:

change the smtp.gmail.com into   
smtp.googlemail.com
and change the pop.gmail.com into 
pop.googlemail.com

Send mail:
smtp.googlemail.com
Secure to dedicated port (TLS)
Port: 465

receive mail:
pop.googlemail.com
Secure to dedicated port (TLS): Yes
Port: 995

 The Bat! Professional Edition v8.8.9
marked this as an answer
Relevant Answer
The next problem with old The Bat! version. One of my e-mail servers increased security settings and now only these ciphers are supported:

tls1_2: ECDHE-RSA-AES256-GCM-SHA384
tls1_2: DHE-RSA-AES256-GCM-SHA384
tls1_2: ECDHE-RSA-AES128-GCM-SHA256
tls1_2: DHE-RSA-AES128-GCM-SHA256

So I have to upgrade to 9.1 version (https://www.ritlabs.com/en/news/7332/) or I have to use the stunnel. For now I configured the stunnel but it looks like I will be forced to upgrade :(
marked this as an answer
This question is locked and replying has been disabled.
Discard post? You will lose what you have written so far.
Write a reply
10 characters required
Failed to attach file, click here to try again.
Discard post?
You will lose what you have written so far.
Personal information found

We found the following personal information in your message:

This information will be visible to anyone who visits or subscribes to notifications for this post. Are you sure you want to continue?

A problem occurred. Please try again.
Create Reply
Edit Reply
This will remove the reply from the Answers section.
Notifications are off
Your notifications are currently off and you won't receive subscription updates. To turn them on, go to Notifications preferences on your Profile page.
Report abuse
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
Report post
What type of post are you reporting?
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
This reply is no longer available.
/mail/threads
//accounts.google.com/ServiceLogin
You'll receive email notifications for new posts at
Unable to delete question.
Unable to update vote.
Unable to update subscription.
You have been unsubscribed
Deleted
Unable to delete reply.
Removed from Answers
Removed from Updates
Marked as Recommended Answer
Marked as Update
Removed recommendation
Undo
Unable to update reply.
Unable to update vote.
Thank you. Your response was recorded.
Unable to undo vote.
Thank you. This reply will now display in the answers section.
Link copied
Locked
Unlocked
Unable to lock
Unable to unlock
Pinned
Unpinned
Unable to pin
Unable to unpin
Marked
Unmarked
Unable to mark
Reported as off topic
Known Issue
Fixed
Marked Fixed
Unmarked Fixed
Unable to mark fixed
Unable to unmark fixed
/profile/0
false
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
17
false