Treo 650 SSL Interaction with Cyrus
Ken Murchison
ken at oceana.com
Thu Feb 17 09:27:55 EST 2005
Alec H. Peterson wrote:
> Hi there,
>
> I am using a Treo 650 with Chatter IMAP (which has IDLE support) to sync
> with my Cyrus IMAP folders. It works great over port 143, however over
> port 993 the SSL refuses to synchronize. I've already been in contact
> with the developer of Chatter, and he says the SSL API on the Treo gives
> the developer very little to play with. Furthermore, when using
> STARTTLS with the SMTP functionality against my Exim SMTP server (which
> has the same version of OpenSSL and uses the same certificate) it works
> just fine. This leads me to believe that something Cyrus is doing with
> OpenSSL is not agreeing with the Treo's SSL library.
>
> Note that Chatter only supports IMAP over port 993, not STARTTLS IMAP at
> this stage.
>
> Anyway, I have attached a debugging log of the failed SSL negotiation
> from the server side. If somebody with some insight into Cyrus's use
> of OpenSSL could give me a clue about where to look to try and narrow
> this down that would be really helpful.

You're probably better off using something like SSLdump
(http://www.rtfm.com/ssldump/) to debug this. It will provide you with
more extensive and more readable output.

>
> Thanks much,
>
> Alec
> Feb 16 17:10:12 ramirez master[32384]: about to exec /usr/cyrus/bin/imapd
> Feb 16 17:10:12 ramirez imaps[32384]: executed
> Feb 16 17:10:17 ramirez imaps[32289]: starting TLS server engine
> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA
> data
> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA
> data
> Feb 16 17:10:17 ramirez imaps[32289]: setting up TLS connection
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:before/accept
> initialization
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33 01 00 00|2f 03
> Feb 16 17:10:17 ramirez imaps[32289]: 000b - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 3a 5e df 74 53 01 eb 69|dc bc
> fd ff 0c c8 82 39
> Feb 16 17:10:17 ramirez imaps[32289]: 0010 5c b8 89 33 35 6e 05 d4|79 e3
> 71 5e 45 3b 59 f7
> Feb 16 17:10:17 ramirez imaps[32289]: 0020 00 00 08 00 04 00 05 00|64 00
> 03 01
> Feb 16 17:10:17 ramirez imaps[32289]: 002d - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 01 00 00 2f 03 00 3a 5e|df 79
> 72 fb fa f8 ec 93
> Feb 16 17:10:17 ramirez imaps[32289]: 0010 3b c4 07 94 20 12 88 f7|e0 25
> ae 2b 88 39 e7 b1
> Feb 16 17:10:17 ramirez imaps[32289]: 0020 5b 68 c5 b3 a5 6f 00 00|08 00
> 04 00 05 00 64 00
> Feb 16 17:10:17 ramirez imaps[32289]: 0030 03 01
> Feb 16 17:10:17 ramirez imaps[32289]: 0033 - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello C
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 84
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 10 00 00 80 24 1e d6 0f|b4 25
> 7c d8 c5 3e 66 78
> Feb 16 17:10:18 ramirez imaps[32289]: 0010 d3 e8 fc 2c 22 14 b5 9c|35 a0
> 33 cc e8 aa bd f3
> Feb 16 17:10:18 ramirez imaps[32289]: 0020 0e 19 c8 55 ae 87 2a 3b|89 c2
> 9b 19 3d 07 4c aa
> Feb 16 17:10:18 ramirez imaps[32289]: 0030 a8 43 bf 1b 69 a6 37 15|81 94
> 89 a2 ae 5f 25 76
> Feb 16 17:10:18 ramirez imaps[32289]: 0040 f7 24 61 1a ea c6 5d af|88 95
> 02 fa c3 c9 fc 33
> Feb 16 17:10:18 ramirez imaps[32289]: 0050 8f 74 45 58 02 54 b8 68|c1 90
> 78 6a c9 fe 14 0f
> Feb 16 17:10:18 ramirez imaps[32289]: 0060 29 e6 73 68 5a 1d 87 38|33 c9
> a6 60 dc e3 44 8b
> Feb 16 17:10:18 ramirez imaps[32289]: 0070 58 79 a5 b8 af 30 6d 60|19 a6
> df 60 0f c5 fa ea
> Feb 16 17:10:18 ramirez imaps[32289]: 0080 0c 8d 56 67
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:SSLv3 read client key
> exchange A
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 14 03 00 00 01
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 01
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 38
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 48 26 76 cc 52 e3 92 ca|bc bf
> 8d 38 17 13 73 1a
> Feb 16 17:10:18 ramirez imaps[32289]: 0010 20 4d 62 94 fb a2 39 51|d3 ef
> c9 59 91 6f 28 f0
> Feb 16 17:10:18 ramirez imaps[32289]: 0020 41 7f a1 39 96 d8 ad 73|5b ed
> 27 db 33 dc 21 0f
> Feb 16 17:10:18 ramirez imaps[32289]: 0030 c3 46 04 20 54 6e e0 c1|
> Feb 16 17:10:18 ramirez imaps[32289]: SSL3 alert write:fatal:bad record mac
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read
> certificate verify A
> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed:
> 032-374-746.area5.spcsdns.net [70.2.19.200]
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read
> certificate verify A
> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed:
> 032-374-746.area5.spcsdns.net [70.2.19.200]
> Feb 16 17:10:18 ramirez imaps[32289]: Fatal error: tls_start_servertls()
> failed
>
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
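
The kind of decoding a tool such as ssldump performs, applied to the second ClientHello in the quoted log, as an added example that is not part of the original message or of Cyrus. The bytes are copied from the log; the final `00` is the byte the log elides as `<SPACES/NULS>`, restored here as an assumption, and the function names are hypothetical.

```python
import struct

# Names for the suite IDs seen in this log; 0x0064 is from the expired
# 56-bit export draft that OpenSSL implemented.
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert", 0x16: "handshake"}

# Record header plus body of the second ClientHello in the quoted log.
# The trailing 00 (null compression method) is restored by assumption.
RECORD_HEX = (
    "16 03 00 00 33"
    " 01 00 00 2f 03 00 3a 5e df 79 72 fb fa f8 ec 93"
    " 3b c4 07 94 20 12 88 f7 e0 25 ae 2b 88 39 e7 b1"
    " 5b 68 c5 b3 a5 6f 00 00 08 00 04 00 05 00 64 00"
    " 03 01 00"
)

def parse_record(raw):
    """Split one SSL/TLS record into (content type, version, payload)."""
    ctype, major, minor, length = struct.unpack("!BBBH", raw[:5])
    payload = raw[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    return CONTENT_TYPES.get(ctype, hex(ctype)), (major, minor), payload

def parse_client_hello(msg):
    """Return (client version, offered cipher suite IDs) from a ClientHello."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    version = (body[0], body[1])
    pos = 2 + 32                      # skip client_version and 32-byte random
    pos += 1 + body[pos]              # skip session_id (length-prefixed)
    n = int.from_bytes(body[pos:pos + 2], "big")
    ids = [int.from_bytes(body[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    return version, ids

def describe(hex_dump):
    ctype, _rec_version, payload = parse_record(bytes.fromhex(hex_dump))
    version, ids = parse_client_hello(payload)
    return {"record": ctype, "version": version,
            "suites": [SUITES.get(i, hex(i)) for i in ids]}

if __name__ == "__main__":
    print(describe(RECORD_HEX))
```
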