Cyrus IMAP4 v2.1.18 no login via SSL

Lars Hanke lars at lhanke.de
Tue May 17 17:12:16 EDT 2005


Hi there,

I came to a closer analysis of an issue I posted some time ago. For some 
very strange reason I can authenticate to imapd via imap, but the same 
procedure fails with imaps, although SSL appears to be sane. This is 
what happens:

telnet verdani imap
[stripped standard messages]
* OK verdani Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready
a001 login mgr ******
a001 OK User logged in
a002 logout
* BYE LOGOUT received
a002 OK Completed
Connection closed by foreign host.

openssl s_client -connect verdani:imaps
[stripped most of certificates and such]
Verify return code: 19 (self signed certificate in certificate chain)
---
* OK verdani Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready
a001 login mgr ******

and it simply does not return anymore.

There is no difference in /var/log/auth.log, which however reports all 
the steps it goes through by using DIGEST-MD5 with ldapdb for 
authentication. There is a difference in /var/log/mail.log:

The telnet case:
May 17 22:57:37 verdani cyrus/master[4209]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:57:37 verdani cyrus/imap[4209]: executed
May 17 22:57:37 verdani cyrus/imapd[4209]: accepted connection
May 17 22:57:51 verdani cyrus/imapd[4209]: login: sleipnir.mgr[172.16.1.3] mgr plaintext

The openssl case:
May 17 22:58:27 verdani cyrus/master[4219]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:58:27 verdani cyrus/imaps[4219]: executed
May 17 22:58:27 verdani cyrus/imapd[4219]: accepted connection
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: starting txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: committing txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication

in particular there is no login line.

I checked /dev/random, since all these DIGEST-MD5 etc. eat a lot of 
entropy. Actually I did
#>ln -s /dev/urandom /dev/random
and checked
#>dd if=/dev/random bs=8 count=1
during the hanging authentication. There are random numbers available, 
but still the authentication hangs.

I'm lost. I would appreciate some help in further troubleshooting.

Regards,
 - lars.
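
Added example, not part of the original post: a Python script that performs the mail.log comparison described above mechanically, grouping cyrus syslog lines by PID and listing connections that were accepted but never produced a login line. The sample input is the post's own log excerpts with the e-mail line wraps rejoined; the function names are illustrative.

```python
import re

# Log excerpts from the post, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
May 17 22:57:37 verdani cyrus/master[4209]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:57:37 verdani cyrus/imap[4209]: executed
May 17 22:57:37 verdani cyrus/imapd[4209]: accepted connection
May 17 22:57:51 verdani cyrus/imapd[4209]: login: sleipnir.mgr[172.16.1.3] mgr plaintext
May 17 22:58:27 verdani cyrus/master[4219]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:58:27 verdani cyrus/imaps[4219]: executed
May 17 22:58:27 verdani cyrus/imapd[4219]: accepted connection
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: starting txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: committing txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ cyrus/(\w+)\[(\d+)\]: (.*)$")

def sessions(log_text):
    """Return one record per accepted connection, in log order."""
    service = {}   # pid -> listener tag from the "executed" line (imap / imaps)
    current = {}   # pid -> record of the connection that pid is serving now
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, tag, pid, msg = m.groups()
        if msg == "executed":
            service[pid] = tag
        elif msg == "accepted connection":
            current[pid] = {"pid": pid, "service": service.get(pid),
                            "accepted": ts, "tls": None, "login": None}
            found.append(current[pid])
        elif pid in current and msg.startswith("starttls:"):
            current[pid]["tls"] = msg.split(":", 1)[1].strip()
        elif pid in current and msg.startswith("login:"):
            current[pid]["login"] = msg.split(":", 1)[1].strip()
    return found

def stalled(log_text):
    """Connections with no login line: still open, dropped, or hung."""
    return [s for s in sessions(log_text) if s["login"] is None]

if __name__ == "__main__":
    for s in stalled(SAMPLE_LOG):
        print(s["pid"], s["service"], s["accepted"], "tls:", s["tls"])
```

On a live log, a connection that is still in progress also shows up as stalled, so compare the accepted timestamp against the current time before treating it as hung.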