TLS fails on imaps port
boutilpj at ednet.ns.ca
Mon Jan 25 12:33:31 EST 2010
On 01/25/2010 01:28 PM, Andrew Morgan wrote:
> On Sat, 23 Jan 2010, Bob Dye wrote:
>> I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
>> TLS works fine if I connect to the imap port (143). If I try to connect
>> instead via the imaps port (993), the attempt times out and I get the
>> following in the log:
>> imaps: imaps TLS negotiation failed: [xx.xx.xx.xx]
>> imaps: Fatal error: tls_start_servertls() failed
>> Any ideas?
> Try the command line openssl client and see if it can negotiate SSL/TLS.
> Something like this:
> openssl s_client -connect your_server_dns_name:993 -CApath /etc/ssl/certs
> CApath should be the path to your local CA certificates directory,
> /etc/ssl/certs on Debian Linux. You could also add -debug to get a hex
> dump of the traffic.
> Can you post your imapd.conf file (sanitized)?
Just for reference, the above error happens when you try STARTTLS on
# telnet student.ednet.ns.ca 993
Connected to student.ednet.ns.ca.
Escape character is '^]'.
* BYE Fatal error: tls_start_servertls() failed
Connection closed by foreign host.
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 286 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20100125/6d348218/attachment.vcf
More information about the Info-cyrus