TLS fails on imaps port

Patrick Boutilier boutilpj at ednet.ns.ca
Mon Jan 25 12:31:26 EST 2010


On 01/25/2010 11:51 AM, Bob Dye wrote:
> Patrick Boutilier wrote:
>> On 01/24/2010 10:39 AM, Bob Dye wrote:
>>
>>> Joseph Brennan wrote:
>>>
>>>> --On Saturday, January 23, 2010 4:54 PM -0800 Bob Dye
>>>> <bobdye at vintagefactor.com>   wrote:
>>>>
>>>>
>>>>
>>>>> I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
>>>>>
>>>>> TLS works fine if I connect to the imap port (143). If I try to connect
>>>>> instead via the imaps port (993), the attempt times out and I get the
>>>>> following in the log:
>>>>>
>>>>> imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
>>>>> imaps[27170]: Fatal error: tls_start_servertls() failed
>>>>>
>>>>>
>>>>
>>>> Normal.  It should fail.  993 requires SSL.
>>>>
>>>>
>>>> Joseph Brennan
>>>> Columbia University Information Technology
>>>>
>>>>
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>>
>>> 993 (the port) does not require SSL. The official IANA definition is
>>> "imap4 protocol over TLS/SSL".
>>>
>>> Perhaps you're saying that Cyrus-imapd only supports SSL on 993 for some
>>> reason?
>>>
>>
>> Assuming you are running imapd -s on port 993, from the man page for imapd:
>>
>> -s     Serve IMAP over SSL (imaps).  All data to and from imapd is
>> encrypted using the Secure Sockets Layer.
>>
>>
>>
>>
>>
>>> --
>>>
>>> Bob Dye
>>> Vintagefactor
>>>
>>> <http://www.vintagefactor.com/>
>>>
>>>
>>>
>>>
>>
>>
> Yes, those are the words on the man page. I am reluctant to simply
> accept that as true because:
>
> 1. The man page does not say anything about TLS. It is difficult to draw
> conclusions from lack of documentation. You might assume that it does
> not support TLS at all, but it definitely does. I have seen a number of
> cases where software documentation has not been updated to reflect TLS
> (vs. SSL).
>
> 2. The error message ("imaps TLS negotiation failed") implies that
> cyrus-imapd is trying to support TLS and failing. If it supported only
> SSL, it would presumably not try TLS.


What IMAP client are you using? Sounds like you are trying to use STARTTLS.

http://sial.org/howto/openssl/tls-name/




>
> --
>
> Bob Dye
> Vintagefactor
>
> <http://www.vintagefactor.com/>
>
>
>

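Added example, not part of the original thread and not Cyrus code: a small Python classifier for the first bytes a client sends to a listener started with `imapd -s`, showing how an implicit-TLS client differs from one that expects STARTTLS. The function name and every sample byte string are constructed for illustration.

```python
# Added example: classify a client's first flight on an implicit-TLS port
# (imaps/993). All sample inputs are constructed, not captured traffic.

def classify_first_flight(data: bytes) -> str:
    """Diagnose the first bytes a client sent to a TLS-wrapped IMAP listener."""
    if not data:
        # A STARTTLS-style client waits for the plaintext "* OK" greeting,
        # while the TLS-wrapped server waits for a ClientHello: both stall.
        return "silent: client is waiting for a plaintext greeting"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        # Byte 5 is the handshake message type; 0x01 means ClientHello.
        if len(data) >= 6 and data[5] == 0x01:
            return "tls: ClientHello, correct for an imaps listener"
        return "tls: handshake record that is not a ClientHello"
    # SSLv2-format hello: high bit set in the length byte, message type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello: legacy SSLv2-format ClientHello"
    # Otherwise try to read it as a plaintext IMAP line: "<tag> <COMMAND> ...".
    try:
        line = data.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return "unknown: binary data that is not a TLS record"
    parts = line.split(" ", 2)
    if len(parts) >= 2 and parts[1].upper() == "STARTTLS":
        return "plaintext: STARTTLS command, which belongs on port 143"
    if len(parts) >= 2 and parts[1].isalpha():
        return "plaintext: IMAP command %s sent without TLS" % parts[1].upper()
    return "unknown: unrecognised plaintext"


if __name__ == "__main__":
    samples = {  # constructed first-flight byte strings
        "no data before timeout": b"",
        "TLS ClientHello": bytes.fromhex("16030100c8010000c40303"),
        "SSLv2-format hello": b"\x80\x2e\x01\x03\x01",
        "plaintext STARTTLS": b"a001 STARTTLS\r\n",
        "plaintext LOGIN": b"a001 LOGIN user pass\r\n",
    }
    for name, raw in samples.items():
        print("%-24s -> %s" % (name, classify_first_flight(raw)))
```
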