Thanks for your advise.<br />I had already tried it.<br /><br /><br />It works on SSL (port 993).<br />It doesn't works on port 143 with TLS.<br />Doing some change on ssl in about:config of thunderbird gave me differents logs :<br />Jan 16 17:53:27 imaptest imap[35698]: accepted connection<br />Jan 16 17:53:27 imaptest imap[35698]: imapd:Loading hard-coded DH parameters<br />Jan 16 17:53:27 imaptest imap[35698]: SSL_accept() incomplete -> wait<br />Jan 16 17:53:59 imaptest imap[35698]: EOF in SSL_accept() -> fail<br />Jan 16 17:53:59 imaptest imap[35698]: STARTTLS negotiation failed: [10.1.45.1]<br /><br /><br />Maybe it can help you?!<br /> <br /> <br /> <br /><br /><blockquote style="border-left: 2px solid #ff0000; padding-left: 5px; margin-left: 5px">> Message du 15/01/08 19:15<br />> De : "Patrick Boutilier" <br />> A : "Cyrus IMAP" <br />> Copie à : <br />> Objet : Re: 2.3.11 STARTTLS broken if tls_ca_file is defined<br />><br />> Sebastian Hagedorn wrote:<br />> > Hi,<br />> > <br />> > please don't write to me personally but keep this on the list instead.<br />> > <br />> > --On 15. Januar 2008 10:32:16 +0100 jc.duss59@laposte.net wrote:<br />> > <br />> >> Here is my log, when i try to open a connection in TLS.<br />> >><br />> >> Jan 15 10:29:54 imaptest master[1024]: about to exec<br />> >> /usr/local/cyrus/bin/imapd Jan 15 10:29:54 imaptest imap[1024]: executed<br />> >> Jan 15 10:29:54 imaptest imap[1024]: accepted connection<br />> >> Jan 15 10:29:54 imaptest imap[1024]: imapd:Loading hard-coded DH<br />> >> parameters Jan 15 10:29:54 imaptest imap[1024]: wrong version number in<br />> >> SSL_accept() -> fail Jan 15 10:29:54 imaptest imap[1024]: STARTTLS<br />> >> negotiation failed: [10.1.45.1] Jan 15 10:29:55 imaptest imap[1024]:<br />> >> accepted connection<br />> >> Jan 15 10:29:55 imaptest imap[1024]: wrong version number in SSL_accept()<br />> >> -> fail Jan 15 10:29:55 imaptest imap[1024]: STARTTLS negotiation failed:<br />> >> [10.1.45.1]<br />> >><br />> >> Thanks a lot for further information.<br />> > <br />> > OK, I guess that's helpful. The reason for the failure is this line:<br />> > <br />> > wrong version number in SSL_accept() -> fail<br />> > <br />> > Now the question is why that happens. This is the code that logs the line:<br />> > <br />> > case SSL_ERROR_SSL:<br />> > err = ERR_get_error();<br />> > if (err == 0) {<br />> > syslog(LOG_DEBUG, "protocol error in SSL_accept() -> fail");<br />> > } else {<br />> > syslog(LOG_DEBUG, "%s in SSL_accept() -> fail",<br />> > ERR_reason_error_string(err));<br />> > }<br />> > break;<br />> > <br />> > So the server notes an SSL error, logs it and drops the connection. The <br />> > cause for the error seems to be something like this:<br />> > <br />> > "Versions in client/server SSL records do not agree.<br />> > Probably your client sends SSL2 client_hello handshake<br />> > message and server is configured only for SSL3/TLS1.<br />> > In this situation server does not accept SSL2<br />> > client_hello what is being manifested by "wrong version<br />> > number" error.<br />> > To resolve this error you may disable SSL2 on client<br />> > or enable SSL2 handshake on server.<br />> > tcpdump output from wrong session handshake<br />> > may be helpful too."<br />> > <br />> > What I don't understand is how it could've worked in earlier versions. <br />> > Anyway, could this be a client issue? Can you try other clients to see <br />> > if they handle this differently? Can you disable SSLv2 in your client?<br />> > <br />> <br />> I had the same problem this morning after running 2.3.11 for over nine <br />> days. In my case restarting Thunderbird fixed my problem for now.<br />> <br />> <br />> <br />> Jan 15 13:28:42 student imap[9814]: wrong version number in SSL_accept() <br />> -> fail<br />> <br />> Jan 15 13:28:42 student imap[9814]: STARTTLS negotiation failed: <br />> TradeMart-2.EDnet.NS.CA [142.227.51.61]<br />> <br />> <br />> > <br />> > ------------------------------------------------------------------------<br />> > <br />> > ----<br />> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/<br />> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki<br />> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html<br />> <br />> ><br />> [ boutilpj.vcf (0.3 Ko) ]<br />> [ (pas de nom de fichier) (0.2 Ko) ]</blockquote><br /><br /><br /><br /><br /><br /> <BR><BR><i>Créez votre adresse électronique <a target=_blank href=http://www.laposte.net>prénom.nom@laposte.net</a> <BR> 1 Go d'espace de stockage, anti-spam et anti-virus intégrés.</i><BR>