STARTTLS on Cyrus IMAPd 2.3.11

Jorey Bump list at joreybump.com
Tue Mar 18 17:55:42 EDT 2008


Wesley Craig wrote, at 03/18/2008 04:44 PM:
> On 18 Mar 2008, at 16:11, Jorey Bump wrote:
>> Everything
>> seems to be working fine, with the exception of STARTTLS connections to
>> port 143 from *remote* machines.
>>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=19:self signed certificate in certificate chain
> 
> Who signed the certificate?

issuer=/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

It's the same key/certificate I'm using on the production machine 
running 2.3.7, so I don't think there's anything wrong with the 
certificate. As I mentioned, it doesn't stop local connections, which 
proceed beyond that error. And imaps (port 993) connections work fine 
with the same system/certificate.

The failed Thunderbird connections cause this entry in the debug log:

Mar 18 17:48:54 mail imap[6279]: accepted connection
Mar 18 17:48:55 mail imap[6279]: wrong version number in SSL_accept() -> 
fail
Mar 18 17:48:57 mail imap[6279]: accepted connection
Mar 18 17:48:57 mail imap[6279]: wrong version number in SSL_accept() -> 
fail

Searches for this error and Cyrus IMAP turn up another posting in 
January that was apparently never resolved:

http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html

I'm concerned I'll have to regress to an earlier version, but I'm hoping 
  there is a simple fix for this.





More information about the Info-cyrus mailing list