Date: Mon, 14 Feb 2005 12:16:27 -0500
From: Keith Nunn <kapn@kapn.net>
To: freebsd-isp@freebsd.org
Subject: Cyrus imap TLS and SSL
Message-ID: <4210DCEB.5010909@kapn.net>
I'm new to e-mail setups at this level, but have some familiarity with the basics. I've spent days poring over what docs I can find and HOWTOs for any number of setups involving Cyrus IMAP. What I have been utterly unable to figure out is how to get secure connections working on my machine. The relevant entries for imapd offer valid certificates and TLS is working for Sendmail.

imapd.conf:

sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
tls_cert_file: /usr/local/certs/cyrus-global.pem
tls_key_file: /usr/local/certs/private/cyrus-global.key
tls_ca_file: /usr/local/certs/cyrus-global.pem
tls_ca_path: /usr/local/certs/
tls_session_timeout: 1440
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

CAPABILITY reports:

S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR

a local test with:

imtest -s -a kapn -m login -p imap -v localhost

fails thus:

starting TLS engine
setting up TLS connection
SSL_connect:before/connect initialization
write to 080652C0 [08083000] (100 bytes => 100 (0x64))
0000 16 03 01 00 5f 01 00 00|5b 03 01 42 10 db e2 13
0010 57 f9 cb 4d 90 42 67 d2|d4 31 46 5f 8a ec a5 69
0020 ec da 60 3e f9 fa 5d 0c|38 92 49 00 00 34 00 39
0030 00 38 00 35 00 16 00 13|00 0a 00 33 00 32 00 2f
0040 00 66 00 05 00 04 00 63|00 62 00 61 00 15 00 12
0050 00 09 00 65 00 64 00 60|00 14 00 11 00 08 00 06
0060 00 03 01
0064 - <SPACES/NULS>
SSL_connect:SSLv3 write client hello A
read from 080652C0 [0807A000] (5 bytes => 5 (0x5))
0000 2a 20 4f 4b
0005 - <SPACES/NULS>
write to 080652C0 [08089000] (7 bytes => 7 (0x7))
0000 15 20 4f 00 02 02 46
SSL3 alert write:fatal:protocol version
SSL_connect:error in SSLv3 read server hello A -1
SSL_connect error -1
SSL session removed
failure: TLS negotiation failed!

I'm more than willing to be told I'm a dope and am missing the obvious, but I'd really love suggestions if you have any.

kapn
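
Added example (not part of the original message): a Python sketch that decodes the bytes shown in the imtest trace above. The hex strings are copied from the trace; the function names and lookup tables are hypothetical. It separates a TLS record header from a plaintext IMAP greeting and decodes the 7-byte alert.

```python
# Added example: decode the bytes shown in the imtest trace.
# Hex values are copied from the trace; all names here are hypothetical.

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version"}  # subset

CLIENT_WRITE = bytes.fromhex("16 03 01 00 5f")        # start of the 100-byte write
SERVER_REPLY = bytes.fromhex("2a 20 4f 4b")           # bytes shown for the 5-byte read
CLIENT_ALERT = bytes.fromhex("15 20 4f 00 02 02 46")  # the 7-byte write


def parse_record_header(data):
    """Return (type, (major, minor), length), or None if not an SSLv3/TLS record."""
    if len(data) < 5:
        return None
    ctype, major, minor = data[0], data[1], data[2]
    if ctype not in TLS_CONTENT_TYPES or major != 3:
        return None
    return TLS_CONTENT_TYPES[ctype], (major, minor), int.from_bytes(data[3:5], "big")


def classify_peer_bytes(data):
    """Classify the first bytes received from the peer after a ClientHello."""
    header = parse_record_header(data)
    if header:
        return "tls-record:" + header[0]
    if data[:2] == b"* ":  # untagged IMAP response, e.g. the server greeting
        return "plaintext-imap:" + data.decode("ascii", "replace").strip()
    return "unknown"


def decode_alert(data):
    """Decode a 7-byte alert record without validating its version field."""
    if len(data) != 7 or data[0] != 21 or data[3:5] != b"\x00\x02":
        return None
    return {"version": data[1:3],
            "level": ALERT_LEVELS.get(data[5], "?"),
            "description": ALERT_DESCRIPTIONS.get(data[6], str(data[6]))}


if __name__ == "__main__":
    print("client sent :", parse_record_header(CLIENT_WRITE))
    print("server reply:", classify_peer_bytes(SERVER_REPLY))
    print("client alert:", decode_alert(CLIENT_ALERT))
```

The reply decodes to the ASCII text "* OK", a plaintext IMAP greeting rather than a TLS record, and the alert's version field repeats bytes 1-2 of that reply. A plaintext greeting in answer to a ClientHello is what an IMAP port that expects the STARTTLS command before any TLS negotiation sends.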