Treo 650 SSL Interaction with Cyrus

Alec H. Peterson ahp at hilander.com
Thu Feb 17 12:15:07 EST 2005


Oh man that's twisted, as soon as I started looking at it with ssldump it 
started working properly.  Now I'm thoroughly confused.

Alec

--On February 17, 2005 9:27:55 -0500 Ken Murchison <ken at oceana.com> wrote:

> Alec H. Peterson wrote:
>> Hi there,
>>
>> I am using a Treo 650 with Chatter IMAP (which has IDLE support) to sync
>> with my Cyrus IMAP folders.  It works great over port 143, however over
>> port 993 the SSL refuses to synchronize.  I've already been in contact
>> with the developer of Chatter, and he says the SSL API on the Treo gives
>> the developer very little to play with.  Furthermore, when using
>> STARTTLS with the SMTP functionality against my Exim SMTP server (which
>> has the same version of OpenSSL and uses the same certificate) it works
>> just fine.  This leads me to believe that something Cyrus is doing with
>> OpenSSL is not agreeing with the Treo's SSL library.
>>
>> Note that Chatter only supports IMAP over port 993, not STARTTLS IMAP at
>> this stage.
>>
>> Anyway, I have attached a debugging log of the failed SSL negotiation
>> from the server side.  If somebody with some insight into Cyrus's use
>> of OpenSSL could give me a clue about where to look to try and narrow
>> this down that would be really helpful.
>
> You're probably better off using something like SSLdump
> (http://www.rtfm.com/ssldump/) to debug this.  It will provide you with
> more extensive and more readable output.
>
>
>>
>> Thanks much,
>>
>> Alec
>> Feb 16 17:10:12 ramirez master[32384]: about to exec /usr/cyrus/bin/imapd
>> Feb 16 17:10:12 ramirez imaps[32384]: executed
>> Feb 16 17:10:17 ramirez imaps[32289]: starting TLS server engine
>> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
>> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
>> Feb 16 17:10:17 ramirez imaps[32289]: setting up TLS connection
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:before/accept initialization
>> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33 01 00 00|2f 03
>> Feb 16 17:10:17 ramirez imaps[32289]: 000b - <SPACES/NULS>
>> Feb 16 17:10:17 ramirez imaps[32289]: 0000 3a 5e df 74 53 01 eb 69|dc bc
>> fd ff 0c c8 82 39
>> Feb 16 17:10:17 ramirez imaps[32289]: 0010 5c b8 89 33 35 6e 05 d4|79 e3
>> 71 5e 45 3b 59 f7
>> Feb 16 17:10:17 ramirez imaps[32289]: 0020 00 00 08 00 04 00 05 00|64 00
>> 03 01
>> Feb 16 17:10:17 ramirez imaps[32289]: 002d - <SPACES/NULS>
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
>> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33
>> Feb 16 17:10:17 ramirez imaps[32289]: 0000 01 00 00 2f 03 00 3a 5e|df 79
>> 72 fb fa f8 ec 93
>> Feb 16 17:10:17 ramirez imaps[32289]: 0010 3b c4 07 94 20 12 88 f7|e0 25
>> ae 2b 88 39 e7 b1
>> Feb 16 17:10:17 ramirez imaps[32289]: 0020 5b 68 c5 b3 a5 6f 00 00|08 00
>> 04 00 05 00 64 00
>> Feb 16 17:10:17 ramirez imaps[32289]: 0030 03 01
>> Feb 16 17:10:17 ramirez imaps[32289]: 0033 - <SPACES/NULS>
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello C
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
>> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 84
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 10 00 00 80 24 1e d6 0f|b4 25
>> 7c d8 c5 3e 66 78
>> Feb 16 17:10:18 ramirez imaps[32289]: 0010 d3 e8 fc 2c 22 14 b5 9c|35 a0
>> 33 cc e8 aa bd f3
>> Feb 16 17:10:18 ramirez imaps[32289]: 0020 0e 19 c8 55 ae 87 2a 3b|89 c2
>> 9b 19 3d 07 4c aa
>> Feb 16 17:10:18 ramirez imaps[32289]: 0030 a8 43 bf 1b 69 a6 37 15|81 94
>> 89 a2 ae 5f 25 76
>> Feb 16 17:10:18 ramirez imaps[32289]: 0040 f7 24 61 1a ea c6 5d af|88 95
>> 02 fa c3 c9 fc 33
>> Feb 16 17:10:18 ramirez imaps[32289]: 0050 8f 74 45 58 02 54 b8 68|c1 90
>> 78 6a c9 fe 14 0f
>> Feb 16 17:10:18 ramirez imaps[32289]: 0060 29 e6 73 68 5a 1d 87 38|33 c9
>> a6 60 dc e3 44 8b
>> Feb 16 17:10:18 ramirez imaps[32289]: 0070 58 79 a5 b8 af 30 6d 60|19 a6
>> df 60 0f c5 fa ea
>> Feb 16 17:10:18 ramirez imaps[32289]: 0080 0c 8d 56 67
>> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:SSLv3 read client key exchange A
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 14 03 00 00 01
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 01
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 38
>> Feb 16 17:10:18 ramirez imaps[32289]: 0000 48 26 76 cc 52 e3 92 ca|bc bf
>> 8d 38 17 13 73 1a
>> Feb 16 17:10:18 ramirez imaps[32289]: 0010 20 4d 62 94 fb a2 39 51|d3 ef
>> c9 59 91 6f 28 f0
>> Feb 16 17:10:18 ramirez imaps[32289]: 0020 41 7f a1 39 96 d8 ad 73|5b ed
>> 27 db 33 dc 21 0f
>> Feb 16 17:10:18 ramirez imaps[32289]: 0030 c3 46 04 20 54 6e e0 c1|
>> Feb 16 17:10:18 ramirez imaps[32289]: SSL3 alert write:fatal:bad record mac
>> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read certificate verify A
>> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 032-374-746.area5.spcsdns.net [70.2.19.200]
>> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read certificate verify A
>> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 032-374-746.area5.spcsdns.net [70.2.19.200]
>> Feb 16 17:10:18 ramirez imaps[32289]: Fatal error: tls_start_servertls() failed
>>
>
>
> --
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>
>
>




---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
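
The hex in the quoted server log can be read without extra tooling. The following is an added example, not part of the original thread: it decodes the record header and the second client hello from that log to show which protocol version and cipher suites the client offered. The bytes are transcribed from the log; the final byte, which the logger elided as `<SPACES/NULS>`, is assumed to be 0x00.

```python
import struct

# Transcribed from the quoted log (second client hello). The last byte is
# the one the logger printed as "<SPACES/NULS>"; 0x00 is an assumption.
RECORD_HEADER = bytes.fromhex("1603000033")
HELLO = bytes.fromhex(
    "0100002f03003a5edf7972fbfaf8ec93"
    "3bc40794201288f7e025ae2b8839e7b1"
    "5b68c5b3a56f00000800040005006400"
    "030100"
)

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Names for the suite values that occur in this hello.
SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5",
          0x0004: "RSA_WITH_RC4_128_MD5",
          0x0005: "RSA_WITH_RC4_128_SHA",
          0x0064: "RSA_EXPORT1024_WITH_RC4_56_SHA"}

def parse_record_header(hdr):
    """Return (content type, (major, minor), payload length) of a 5-byte header."""
    ctype, major, minor, length = struct.unpack("!BBBH", hdr)
    return CONTENT_TYPES.get(ctype, f"unknown({ctype})"), (major, minor), length

def parse_client_hello(msg):
    """Decode an SSLv3/TLS ClientHello handshake message (no extensions)."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 38:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                          # client_version + 32-byte random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len >= len(body):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    compression = list(body[pos + 1:pos + 1 + body[pos]])
    return {"version": (body[0], body[1]), "session_id_len": sid_len,
            "suites": [SUITES.get(s, f"0x{s:04x}") for s in suites],
            "compression": compression}

if __name__ == "__main__":
    print(parse_record_header(RECORD_HEADER))
    print(parse_client_hello(HELLO))
```

The decoded hello is SSL 3.0 with an empty session ID and four RC4-based RSA suites, two of them export-grade.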



