<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Patrick Boutilier wrote:
<blockquote cite="mid:4B5DD56E.3080203@ednet.ns.ca" type="cite">On
01/25/2010 11:51 AM, Bob Dye wrote:
<br>
<blockquote type="cite">Patrick Boutilier wrote:
<br>
<blockquote type="cite">On 01/24/2010 10:39 AM, Bob Dye wrote:
<br>
<br>
<blockquote type="cite">Joseph Brennan wrote:
<br>
<br>
<blockquote type="cite">--On Saturday, January 23, 2010 4:54 PM
-0800 Bob Dye
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:bobdye@vintagefactor.com">&lt;bobdye@vintagefactor.com&gt;</a> wrote:
<br>
<br>
<br>
<br>
<blockquote type="cite">I'm running Cyrus-imapd 2.3.7 on a
Redhat Enterprise Linux 5 system.
<br>
<br>
TLS works fine if I connect to the imap port (143). If I try to connect
<br>
instead via the imaps port (993), the attempt times out and I get the
<br>
following in the log:
<br>
<br>
imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
<br>
imaps[27170]: Fatal error: tls_start_servertls() failed
<br>
<br>
<br>
</blockquote>
<br>
Normal. It should fail. 993 requires SSL.
<br>
<br>
<br>
Joseph Brennan
<br>
Columbia University Information Technology
<br>
<br>
<br>
----
<br>
Cyrus Home Page:<a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/">http://cyrusimap.web.cmu.edu/</a>
<br>
Cyrus Wiki/FAQ:<a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</a>
<br>
List Archives/Info:<a class="moz-txt-link-freetext" href="http://asg.web.cmu.edu/cyrus/mailing-list.html">http://asg.web.cmu.edu/cyrus/mailing-list.html</a>
<br>
<br>
<br>
</blockquote>
993 (the port) does not require SSL. The official IANA definition is
<br>
"imap4 protocol over TLS/SSL".
<br>
<br>
Perhaps you're saying that Cyrus-imapd only supports SSL on 993 for
some
<br>
reason?
<br>
<br>
</blockquote>
<br>
Assuming you are running imapd -s on port 993, from the man page for
imapd:
<br>
<br>
-s Serve IMAP over SSL (imaps). All data to and from imapd is
<br>
encrypted using the Secure Sockets Layer.
<br>
<br>
<br>
<br>
<br>
<br>
<blockquote type="cite">--
<br>
<br>
Bob Dye
<br>
Vintagefactor
<br>
<br>
<a class="moz-txt-link-rfc2396E" href="http://www.vintagefactor.com/">&lt;http://www.vintagefactor.com/&gt;</a>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
Yes, those are the words on the man page. I am reluctant to simply
<br>
accept that as true because:
<br>
<br>
1. The man page does not say anything about TLS. It is difficult to
draw
<br>
conclusions from lack of documentation. You might assume that it does
<br>
not support TLS at all, but it definitely does. I have seen a number of
<br>
cases where software documentation has not been updated to reflect TLS
<br>
(vs. SSL).
<br>
<br>
2. The error message ("imaps TLS negotiation failed") implies that
<br>
cyrus-imapd is trying to support TLS and failing. If it supported only
<br>
SSL, it would presumably not try TLS.
<br>
</blockquote>
<br>
<br>
What IMAP client are you using? Sounds like you are trying to use
STARTTLS.
<br>
<br>
<a class="moz-txt-link-freetext" href="http://sial.org/howto/openssl/tls-name/">http://sial.org/howto/openssl/tls-name/</a>
<br>
<br>
<br>
<br>
<br>
<blockquote type="cite"><br>
--
<br>
<br>
Bob Dye
<br>
Vintagefactor
<br>
<br>
<a class="moz-txt-link-rfc2396E" href="http://www.vintagefactor.com/">&lt;http://www.vintagefactor.com/&gt;</a>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
Patrick,<br>
<br>
I use Mozilla Thunderbird.<br>
<br>
<div class="moz-signature">-- <br>
<div
style="margin: 0pt; font-family: black Arial,Helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 11pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<p>Bob Dye<br>
Vintagefactor<br>
<a href="http://www.vintagefactor.com/"><br>
</a></p>
</div>
</div>
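<p>An added example, not part of the original thread and not Cyrus code: a small probe that tells an administrator whether a listener greets in plaintext (the port 143 style, where STARTTLS may be offered) or stays silent until a TLS handshake arrives (the <code>imapd -s</code> style on port 993 discussed above). The function names and result labels are this example's own; certificate verification is left on, so an untrusted certificate is reported as such.</p>

```python
import socket
import ssl

def read_tagged(sock, tag):
    """Collect server output until the tagged completion line or a timeout."""
    buf = b""
    while (b"\r\n" + tag) not in (b"\r\n" + buf):
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += chunk
    return buf

def probe_imap_port(host, port, timeout=3.0):
    """Classify an IMAP listener by who speaks first and whether TLS completes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            greeting = sock.recv(4096)   # a plaintext IMAP server greets first
        except socket.timeout:
            greeting = None              # silence: server expects a ClientHello
        if greeting is not None:
            if not greeting.startswith(b"* "):
                return "unknown"
            sock.sendall(b"a1 CAPABILITY\r\n")
            caps = read_tagged(sock, b"a1 ").upper()
            return "plaintext+starttls" if b"STARTTLS" in caps else "plaintext"
        ctx = ssl.create_default_context()   # keeps certificate verification on
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                banner = tls.recv(4096)      # IMAP greeting, now inside TLS
                return "implicit-tls" if banner.startswith(b"* ") else "unknown"
        except ssl.SSLCertVerificationError:
            return "implicit-tls (certificate not trusted)"
        except (ssl.SSLError, OSError):
            return "unknown"

if __name__ == "__main__":
    import sys
    print(probe_imap_port(sys.argv[1], int(sys.argv[2])))
```

<p>A client configured for STARTTLS against a listener that reports <code>implicit-tls</code> waits for a greeting that never comes, which matches the timeout described in the first message.</p>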
</body>
</html>