STARTTLS negotiation failed

Steve Huston huston at astro.Princeton.EDU
Fri Jan 10 15:28:50 EST 2003 

This is more of a Pine problem than Cyrus, but I'm hoping someone here might
know what I can do...

I'm setting up a test server to check out the latest release of Cyrus IMAPD,
as well as a few other things (sendmail+TLS+SMTP AUTH, squirrelmail,
spamassassin & amavis).  I've got Cyrus installed and running, and can read
mail fine with it (though there isn't any to read right now).  My problem is
connecting with Pine.

Now, our current Cyrus server has a self-signed cert which Pine doesn't like
unless you add /novalidate-cert to the hostname of the server.  But this time,
that doesn't even help as it just says "There was an SSL/TLS failure for the
server" "The reason for the failure was: SSL Negotiation failed"  Cyrus also
reports the same thing in the logs.  I understand the point of
'/novalidate-cert', meaning don't try to check the signing authority on the
cert, and I could overlook things if that was the only error.  But the whole
"negotiation failed" part has me worried, as I can't buy a cert for a test
server, and can't deploy the new Cyrus if Pine won't work with it (it's the
only departmentally-supported mail client, I've guaranteed it will work even
if the IMAP-client-du-jour doesn't).  Cranking up the debugging in Pine
(thanks RedHat for making me recompile it to add what should be there by
default) only gets me that Pine issues the STARTTLS command, and then right
after that complains that negotiation failed, no reason why.

Anyone have an idea?  I suppose I could dig up the CA cert I created before to
sign the current server's cert, and sign the test server's cert with it, and
even install that in /usr/share/ssl/ so it will be 'recognized' as authentic.
But it doesn't seem to be complaining about validity, just that it can't
negotiate.  I can, however, using Mozilla or Apple's "Mail" program, so I
don't think there's anything wrong with Cyrus (and Pine 4.44 works with the
current server just fine).

-- 
Steve Huston - Unix Systems Administrator, Dept. of Astrophysical Sciences
 Princeton University  |     ICBM Address: 40.346525   -74.651285
   126 Peyton Hall     |"On my ship, the Rocinante, wheeling through
 Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
   (609) 258-7375      | headlong into mystery."  -Rush, 'Cygnus X-1'

More information about the Info-cyrus mailing list