<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Patrick Boutilier wrote:
<blockquote
cite="mid:32759_1264368189_o0OLN8UP001847_4B5CB9DB.9030004@ednet.ns.ca"
type="cite">
<pre wrap="">On 01/24/2010 10:39 AM, Bob Dye wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Joseph Brennan wrote:
</pre>
<blockquote type="cite">
<pre wrap="">--On Saturday, January 23, 2010 4:54 PM -0800 Bob Dye
<a class="moz-txt-link-rfc2396E" href="mailto:bobdye@vintagefactor.com"><bobdye@vintagefactor.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
TLS works fine if I connect to the imap port (143). If I try to connect
instead via the imaps port (993), the attempt times out and I get the
following in the log:
imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
imaps[27170]: Fatal error: tls_start_servertls() failed
</pre>
</blockquote>
<pre wrap="">
Normal. It should fail. 993 requires SSL.
Joseph Brennan
Columbia University Information Technology
----
Cyrus Home Page:<a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/">http://cyrusimap.web.cmu.edu/</a>
Cyrus Wiki/FAQ:<a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</a>
List Archives/Info:<a class="moz-txt-link-freetext" href="http://asg.web.cmu.edu/cyrus/mailing-list.html">http://asg.web.cmu.edu/cyrus/mailing-list.html</a>
</pre>
</blockquote>
<pre wrap="">993 (the port) does not require SSL. The official IANA definition is
"imap4 protocol over TLS/SSL".
Perhaps you're saying that Cyrus-imapd only supports SSL on 993 for some
reason?
</pre>
</blockquote>
<pre wrap=""><!---->
Assuming you are running imapd -s on port 993, from the man page for imapd:
-s Serve IMAP over SSL (imaps). All data to and from imapd is
encrypted using the Secure Sockets Layer.
</pre>
<blockquote type="cite">
<pre wrap="">--
Bob Dye
Vintagefactor
<a class="moz-txt-link-rfc2396E" href="http://www.vintagefactor.com/"><http://www.vintagefactor.com/></a> <a class="moz-txt-link-rfc2396E" href="http://www.vintagefactor.com/"><http://www.vintagefactor.com/></a>
----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/">http://cyrusimap.web.cmu.edu/</a>
Cyrus Wiki/FAQ: <a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://asg.web.cmu.edu/cyrus/mailing-list.html">http://asg.web.cmu.edu/cyrus/mailing-list.html</a>
</pre>
</blockquote>
<pre wrap=""><!---->
----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/">http://cyrusimap.web.cmu.edu/</a>
Cyrus Wiki/FAQ: <a class="moz-txt-link-freetext" href="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://asg.web.cmu.edu/cyrus/mailing-list.html">http://asg.web.cmu.edu/cyrus/mailing-list.html</a>
</pre>
</blockquote>
Yes, those are the words on the man page. I am reluctant to simply
accept that as true because:<br>
<br>
1. The man page does not say anything about TLS. It is difficult to
draw conclusions from lack of documentation. You might assume that it
does not support TLS at all, but it definitely does. I have seen a
number of cases where software documentation has not been updated to
reflect TLS (vs. SSL).<br>
<br>
2. The error message ("imaps TLS negotiation failed") implies that
cyrus-imapd is trying to support TLS and failing. If it supported only
SSL, it would presumably not try TLS.<br>
<br>
<div class="moz-signature">-- <br>
<div
style="margin: 0pt; font-family: black Arial,Helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 11pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<p>Bob Dye<br>
Vintagefactor<br>
<br>
<a href="http://www.vintagefactor.com/"></a></p>
</div>
</div>
</body>
</html>