can anyone *confirm* TLS function in Cyrus-Imap (v2.3.7) ?
Cristi Mitrana
cristian.mitrana at online.ie
Fri Aug 11 15:52:35 EDT 2006
Richard wrote:
> hi,
>
> SSL certs & TLS usage are fine/good on my system with other mail apps,
> but, so far, w/ cyrus-latest, no luck.
>
> after a successful server build/install/launch, an (simple?) attempt to
> check TLS function w/:
>
> % imtest -v \
> -t "/var/CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
Are you sure that the file above is a x.509 valid certificate and not
it's private key ?
> -p imap \
> -m digest-md5 \
> -a testuser.admin at mail.testdomain.com \
> -u testuser.admin at mail.testdomain.com \
> -r mail.testdomain.com \
> mail.testdomain.com
>
TLS works fine for me:
imtest -t '' -a ME at server -m DIGEST-MD5 localhost
S: * OK mail.server Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=NTLM SASL-IR X-NETSCAPE
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=NTLM SASL-IR X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
and so on..
so you can be sure that it works, it must be something that you
overlooked, simply try and connect with a imap client directly.
mitu
More information about the Info-cyrus
mailing list