TLS fails on imaps port
Patrick Boutilier
boutilpj at ednet.ns.ca
Mon Jan 25 12:33:31 EST 2010
On 01/25/2010 01:28 PM, Andrew Morgan wrote:
> On Sat, 23 Jan 2010, Bob Dye wrote:
>
>> I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
>>
>> TLS works fine if I connect to the imap port (143). If I try to connect
>> instead via the imaps port (993), the attempt times out and I get the
>> following in the log:
>>
>> imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
>> imaps[27170]: Fatal error: tls_start_servertls() failed
>>
>> Any ideas?
>
> Try the command line openssl client and see if it can negotiate SSL/TLS.
> Something like this:
>
> openssl s_client -connect your_server_dns_name:993 -CApath /etc/ssl/certs
>
> CApath should be the path to your local CA certificates directory,
> /etc/ssl/certs on Debian Linux. You could also add -debug to get a hex
> dump of the traffic.
>
> Can you post your imapd.conf file (sanitized)?
Just for reference, the above error happens when you try STARTTLS on
port 993:
# telnet student.ednet.ns.ca 993
Trying 142.227.51.32...
Connected to student.ednet.ns.ca.
Escape character is '^]'.
starttls
* BYE Fatal error: tls_start_servertls() failed
Connection closed by foreign host.
>
> Andy
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: boutilpj.vcf
Type: text/x-vcard
Size: 286 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20100125/6d348218/attachment.vcf
More information about the Info-cyrus
mailing list