From owner-freebsd-ports@FreeBSD.ORG Sat Oct 6 00:31:01 2007 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D23016A417; Sat, 6 Oct 2007 00:31:01 +0000 (UTC) (envelope-from mandrews@bit0.com) Received: from mindcrime.bit0.com (bit0.com [207.246.88.211]) by mx1.freebsd.org (Postfix) with ESMTP id D237D13C461; Sat, 6 Oct 2007 00:31:00 +0000 (UTC) (envelope-from mandrews@bit0.com) Received: from fred.int.bit0.com (nat.bit0.com [207.246.88.210]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mindcrime.bit0.com (Postfix) with ESMTP id EFB671E3336; Fri, 5 Oct 2007 20:14:39 -0400 (EDT) Message-ID: <4706D36D.8070103@bit0.com> Date: Fri, 05 Oct 2007 20:14:37 -0400 From: Mike Andrews User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: Edward Buck References: <47066CFE.20301@bashware.net> <4706D1B4.8090803@bashware.net> In-Reply-To: <4706D1B4.8090803@bashware.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: ports@FreeBSD.org, oliver@FreeBSD.org Subject: Re: FreeBSD Port: courier-imap-4.2.0 ssl failure on port 993 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Oct 2007 00:31:01 -0000 Edward Buck wrote: > Edward Buck wrote: >> This is regarding the recent update courier-imap-4.2.0. >> >> Not sure if something has changed in functionality or perhaps there was >> an incompatible configuration change but the update broke my imaps >> setup. I admit that my SSL libraries might be the problem since there >> was recently a security update for SSL. >> >> I updated SSL using freebsd-update (binary updates) which before today >> has been pretty reliable. Afterwards, my old courier-imap still worked >> fine (perhaps because it was still using the old libraries?). Then last >> night, I updated courier and imaps stopped working (I don't run anything >> on the standard imap port). >> >> The error is: >> >> Oct 5 09:40:00 kafka imapd-ssl: couriertls: connect: error:1408F10B:SSL >> routines:SSL3_GET_RECORD:wrong version number > > Here's an update on this issue. I forgot to mention earlier than the > system is FreeBSD 6.2 p8. > > The problem seems to be specific to imapd-ssl running on port 993. I > didn't spend a lot of time troubleshooting different clients. Previous > to the update, I used Thunderbird with SSL/port 993 without problems. > Strangely, Korn (KDE mail notifier) seemed to work okay on port 993. It > could be a client thing but I suspect they just default to different SSL > versions. > > TLS works just fine on port 143, which is the configuration I've been > meaning to switch to for some time. The update forced the issue and > thus, this problem is not really one anymore. But for those who are > still using imaps on port 993, the update (either the courier-imap > update or the SSL update) may cause some problems. I ran into this yesterday. Changing TLS_PROTOCOL=SSL3 to =SSL23 in /usr/local/etc/courier-imap/imapd-ssl (and pop3d-ssl) fixed it. In my case it was client-specific: Pine, and Nagios' check_imap plugin, would generate that exact error... but Thunderbird 2.0 would be fine. I didn't test any other clients. Some Googling showed that this was a change in Courier, not FreeBSD specific -- but it might be worth a note in /usr/ports/UPDATING?