2.3.11 STARTTLS broken if tls_ca_file is defined
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Wed Jan 16 13:38:58 EST 2008
-- jc.duss59 at laposte.net is rumored to have mumbled on 16. Januar 2008
18:03:50 +0100 regarding Re: 2.3.11 STARTTLS broken if tls_ca_file is
defined:
> It works on SSL (port 993).
> It doesn't work on port 143 with TLS.
That makes sense, because AFAIK port 143 is for TLSv1 only. If the client
tries anything but TLSv1 on port 143, that should cause an error.
> Doing some change on ssl in about:config of thunderbird gave me
> different logs:
> Jan 16 17:53:27 imaptest imap[35698]: accepted connection
> Jan 16 17:53:27 imaptest imap[35698]: imapd:Loading hard-coded DH parameters
> Jan 16 17:53:27 imaptest imap[35698]: SSL_accept() incomplete -> wait
> Jan 16 17:53:59 imaptest imap[35698]: EOF in SSL_accept() -> fail
> Jan 16 17:53:59 imaptest imap[35698]: STARTTLS negotiation failed: [10.1.45.1]
OK, but what did you change? I can't verify if it works because I don't
have client certificates, but looking at my copy of Thunderbird the
following account settings *should* work:
Port 143, connect via TLS
Make sure that encryption is set to TLS and *not* to SSL in the account
settings ...
--
Sebastian Hagedorn - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
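
Added example, not part of the original message and not Cyrus code: a small Python helper that groups imapd syslog lines like the ones quoted above by process ID and reports how long each failed STARTTLS handshake sat in `SSL_accept()` before the failure was logged. The names `failed_starttls` and `LINE_RE` are hypothetical, and the year is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Log lines copied from the quoted message above (syslog format, no year).
SAMPLE_LOG = """\
Jan 16 17:53:27 imaptest imap[35698]: accepted connection
Jan 16 17:53:27 imaptest imap[35698]: imapd:Loading hard-coded DH parameters
Jan 16 17:53:27 imaptest imap[35698]: SSL_accept() incomplete -> wait
Jan 16 17:53:59 imaptest imap[35698]: EOF in SSL_accept() -> fail
Jan 16 17:53:59 imaptest imap[35698]: STARTTLS negotiation failed: [10.1.45.1]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imaps?\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def failed_starttls(log_text, year=2008):
    """Return one dict per imapd process whose STARTTLS handshake failed."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Assumption: all lines fall in `year` (taken from the message date).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(m["pid"], {"pid": int(m["pid"])})
        msg = m["msg"]
        if msg.startswith("SSL_accept() incomplete"):
            s.setdefault("wait_start", ts)      # first time the server waited
        elif msg.startswith("EOF in SSL_accept()"):
            s["eof"] = True                     # peer closed mid-handshake
        elif msg.startswith("STARTTLS negotiation failed:"):
            s["failed_at"] = ts
            ip = re.search(r"\[([^\]]+)\]", msg)
            s["client"] = ip.group(1) if ip else None
    report = []
    for s in sessions.values():
        if "failed_at" in s:
            start = s.get("wait_start")
            report.append({
                "pid": s["pid"],
                "client": s["client"],
                "client_closed": s.get("eof", False),
                "stall_seconds": (s["failed_at"] - start).total_seconds() if start else None,
            })
    return report

if __name__ == "__main__":
    print(failed_starttls(SAMPLE_LOG))
```
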