More success with TLS; problem with STARTTLS
Mirosław Jaworski
mjaw at ikp.pl
Mon Apr 2 04:03:36 EDT 2007
On Mon, 2007-04-02 at 12:36 +0530, JOYDEEP wrote:
> Dear all,
>
> here is some more success story.
>
> 1> using LOGIN
>
> imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s
>
>
> --------------------------------------------------------------
> verify error:num=19:self signed certificate in certificate chain
> verify error:num=24:invalid CA certificate
> verify error:num=26:unsupported certificate purpose
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
> S: C01 OK Completed
> Please enter your password:
>
> C: L01 LOGIN aftab {5}
> S: + go ahead
> C: <omitted>
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 256
> ----------------------------------------------------------------------------------------
>
> 2> Using PLAIN
>
> imtest -a aftab -m PLAIN linux.kolkatainfoservices.in -p 993 -s
>
> ------------------------------------------
> verify error:num=19:self signed certificate in certificate chain
> verify error:num=24:invalid CA certificate
> verify error:num=26:unsupported certificate purpose
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
> S: C01 OK Completed
> Please enter your password:
>
> C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi
> 'S: A01 OK Success (tls protection)
> Authenticated.
> Security strength factor: 256
> ---------------------------------------------------------------------
>
> 3> but the problem is using STARTTLS
>
> ---------------------------------------
> verify error:num=19:self signed certificate in certificate chain
> verify error:num=24:invalid CA certificate
> verify error:num=26:unsupported certificate purpose
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
> S: C01 OK Completed
> failure: STARTTLS not supported by the server!
> ------------------------------------------------------------------
As you can see, you already use TLS when connecting to 993/995.
STARTTLS doesn't make sense and therefore is "not supported".
Connect to unencrypted services ( 110/143 ), then ask for STARTTLS.
--
Mirosław "Psyborg" Jaworski
GCS/IT d- s+:+ a C++$ UBI++++$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
"If ignorance is bliss, why aren't there more happy people?"
More information about the Info-cyrus
mailing list