Treo 650 SSL Interaction with Cyrus

Ken Murchison ken at oceana.com
Thu Feb 17 09:27:55 EST 2005


Alec H. Peterson wrote:
> Hi there,
> 
> I am using a Treo 650 with Chatter IMAP (which has IDLE support) to sync 
> with my Cyrus IMAP folders.  It works great over port 143, however over 
> port 993 the SSL refuses to synchronize.  I've already been in contact 
> with the developer of Chatter, and he says the SSL API on the Treo gives 
> the developer very little to play with.  Furthermore, when using 
> STARTTLS with the SMTP functionality against my Exim SMTP server (which 
> has the same version of OpenSSL and uses the same certificate) it works 
> just fine.  This leads me to believe that something Cyrus is doing with 
> OpenSSL is not agreeing with the Treo's SSL library.
> 
> Note that Chatter only supports IMAP over port 993, not STARTTLS IMAP at 
> this stage.
> 
> Anyway, I have attached a debugging log of the failed SSL negotiation 
> from the server side.  If somebody with some insight into Cyrus's use 
> of OpenSSL could give me a clue about where to look to try and narrow 
> this down that would be really helpful.

You're probably better off using something like SSLdump 
(http://www.rtfm.com/ssldump/) to debug this.  It will provide you with 
more extensive and more readable output.


> 
> Thanks much,
> 
> Alec
> Feb 16 17:10:12 ramirez master[32384]: about to exec /usr/cyrus/bin/imapd
> Feb 16 17:10:12 ramirez imaps[32384]: executed
> Feb 16 17:10:17 ramirez imaps[32289]: starting TLS server engine
> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
> Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
> Feb 16 17:10:17 ramirez imaps[32289]: setting up TLS connection
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:before/accept initialization
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33 01 00 00|2f 03
> Feb 16 17:10:17 ramirez imaps[32289]: 000b - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 3a 5e df 74 53 01 eb 69|dc bc fd ff 0c c8 82 39
> Feb 16 17:10:17 ramirez imaps[32289]: 0010 5c b8 89 33 35 6e 05 d4|79 e3 71 5e 45 3b 59 f7
> Feb 16 17:10:17 ramirez imaps[32289]: 0020 00 00 08 00 04 00 05 00|64 00 03 01
> Feb 16 17:10:17 ramirez imaps[32289]: 002d - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33
> Feb 16 17:10:17 ramirez imaps[32289]: 0000 01 00 00 2f 03 00 3a 5e|df 79 72 fb fa f8 ec 93
> Feb 16 17:10:17 ramirez imaps[32289]: 0010 3b c4 07 94 20 12 88 f7|e0 25 ae 2b 88 39 e7 b1
> Feb 16 17:10:17 ramirez imaps[32289]: 0020 5b 68 c5 b3 a5 6f 00 00|08 00 04 00 05 00 64 00
> Feb 16 17:10:17 ramirez imaps[32289]: 0030 03 01
> Feb 16 17:10:17 ramirez imaps[32289]: 0033 - <SPACES/NULS>
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello C
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
> Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 84
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 10 00 00 80 24 1e d6 0f|b4 25 7c d8 c5 3e 66 78
> Feb 16 17:10:18 ramirez imaps[32289]: 0010 d3 e8 fc 2c 22 14 b5 9c|35 a0 33 cc e8 aa bd f3
> Feb 16 17:10:18 ramirez imaps[32289]: 0020 0e 19 c8 55 ae 87 2a 3b|89 c2 9b 19 3d 07 4c aa
> Feb 16 17:10:18 ramirez imaps[32289]: 0030 a8 43 bf 1b 69 a6 37 15|81 94 89 a2 ae 5f 25 76
> Feb 16 17:10:18 ramirez imaps[32289]: 0040 f7 24 61 1a ea c6 5d af|88 95 02 fa c3 c9 fc 33
> Feb 16 17:10:18 ramirez imaps[32289]: 0050 8f 74 45 58 02 54 b8 68|c1 90 78 6a c9 fe 14 0f
> Feb 16 17:10:18 ramirez imaps[32289]: 0060 29 e6 73 68 5a 1d 87 38|33 c9 a6 60 dc e3 44 8b
> Feb 16 17:10:18 ramirez imaps[32289]: 0070 58 79 a5 b8 af 30 6d 60|19 a6 df 60 0f c5 fa ea
> Feb 16 17:10:18 ramirez imaps[32289]: 0080 0c 8d 56 67
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:SSLv3 read client key exchange A
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 14 03 00 00 01
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 01
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 38
> Feb 16 17:10:18 ramirez imaps[32289]: 0000 48 26 76 cc 52 e3 92 ca|bc bf 8d 38 17 13 73 1a
> Feb 16 17:10:18 ramirez imaps[32289]: 0010 20 4d 62 94 fb a2 39 51|d3 ef c9 59 91 6f 28 f0
> Feb 16 17:10:18 ramirez imaps[32289]: 0020 41 7f a1 39 96 d8 ad 73|5b ed 27 db 33 dc 21 0f
> Feb 16 17:10:18 ramirez imaps[32289]: 0030 c3 46 04 20 54 6e e0 c1|
> Feb 16 17:10:18 ramirez imaps[32289]: SSL3 alert write:fatal:bad record mac
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read certificate verify A
> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 032-374-746.area5.spcsdns.net [70.2.19.200]
> Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read certificate verify A
> Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 032-374-746.area5.spcsdns.net [70.2.19.200]
> Feb 16 17:10:18 ramirez imaps[32289]: Fatal error: tls_start_servertls() failed
> 


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
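
Added example, not part of the original thread: a small Python decoder for the hex dumps in the quoted server log, run on the second ClientHello (lines copied from that log with the syslog prefix dropped and mail wrapping undone). The function names and the cipher-suite table are this example's own, and bytes the dump elides as `<SPACES/NULS>` are assumed to be NULs.

```python
# Second ClientHello from the quoted server log above: syslog prefix dropped,
# mail-wrapped lines rejoined. Each "0000" offset starts a new read.
LOG = """\
0000 16 03 00 00 33
0000 01 00 00 2f 03 00 3a 5e|df 79 72 fb fa f8 ec 93
0010 3b c4 07 94 20 12 88 f7|e0 25 ae 2b 88 39 e7 b1
0020 5b 68 c5 b3 a5 6f 00 00|08 00 04 00 05 00 64 00
0030 03 01
0033 - <SPACES/NULS>
"""

RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0"}
SUITES = {0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
          0x0004: "TLS_RSA_WITH_RC4_128_MD5",
          0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"}

def split_dumps(text):
    """Turn the dump text into one bytes object per read."""
    dumps = []
    for line in text.splitlines():
        offset, _, rest = line.partition(" ")
        if rest.startswith("- <SPACES/NULS>"):
            # The dump elides trailing bytes; assume NULs and pad to the offset.
            dumps[-1] += b"\x00" * (int(offset, 16) - len(dumps[-1]))
            continue
        if offset == "0000":
            dumps.append(b"")
        dumps[-1] += bytes.fromhex(rest.replace("|", " "))
    return dumps

def parse_record_header(hdr):
    """5-byte record header: content type, protocol version, payload length."""
    return (RECORD_TYPES.get(hdr[0], hex(hdr[0])),
            VERSIONS.get((hdr[1], hdr[2]), "unknown"),
            int.from_bytes(hdr[3:5], "big"))

def parse_client_hello(body):
    """Return (client version, offered cipher suite names) from a ClientHello."""
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    version = VERSIONS.get((body[4], body[5]), "unknown")
    pos = 4 + 2 + 32                  # handshake header, version, random
    pos += 1 + body[pos]              # session id length byte and session id
    n = int.from_bytes(body[pos:pos + 2], "big")
    ids = [int.from_bytes(body[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    return version, [SUITES.get(i, f"0x{i:04x}") for i in ids]

header, hello = split_dumps(LOG)
print(parse_record_header(header))
print(parse_client_hello(hello))
```

The decoded hello shows the client speaking SSLv3 and offering only RC4 suites, two of them export-grade, which is the kind of detail ssldump prints for every message in the exchange.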