TLS fails on imaps port

Bob Dye bobdye at vintagefactor.com
Mon Jan 25 13:26:04 EST 2010


Patrick Boutilier wrote:
> On 01/25/2010 11:51 AM, Bob Dye wrote:
>> Patrick Boutilier wrote:
>>> On 01/24/2010 10:39 AM, Bob Dye wrote:
>>>
>>>> Joseph Brennan wrote:
>>>>
>>>>> --On Saturday, January 23, 2010 4:54 PM -0800 Bob Dye
>>>>> <bobdye at vintagefactor.com>   wrote:
>>>>>
>>>>>
>>>>>
>>>>>> I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
>>>>>>
>>>>>> TLS works fine if I connect to the imap port (143). If I try to connect
>>>>>> instead via the imaps port (993), the attempt times out and I get the
>>>>>> following in the log:
>>>>>>
>>>>>> imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
>>>>>> imaps[27170]: Fatal error: tls_start_servertls() failed
>>>>>>
>>>>>>
>>>>>
>>>>> Normal.  It should fail.  993 requires SSL.
>>>>>
>>>>>
>>>>> Joseph Brennan
>>>>> Columbia University Information Technology
>>>>>
>>>>>
>>>>> ----
>>>>> Cyrus Home Page:http://cyrusimap.web.cmu.edu/
>>>>> Cyrus Wiki/FAQ:http://cyrusimap.web.cmu.edu/twiki
>>>>> List Archives/Info:http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>>
>>>>>
>>>> 993 (the port) does not require SSL. The official IANA definition is
>>>> "imap4 protocol over TLS/SSL".
>>>>
>>>> Perhaps you're saying that Cyrus-imapd only supports SSL on 993 for some
>>>> reason?
>>>>
>>>
>>> Assuming you are running imapd -s on port 993, from the man page for imapd:
>>>
>>> -s     Serve IMAP over SSL (imaps).  All data to and from imapd is
>>> encrypted using the Secure Sockets Layer.
>>>
>>>
>>>
>>>
>>>
>>>> -- 
>>>>
>>>> Bob Dye
>>>> Vintagefactor
>>>>
>>>> <http://www.vintagefactor.com/>
>>>
>> Yes, those are the words on the man page. I am reluctant to simply
>> accept that as true because:
>>
>> 1. The man page does not say anything about TLS. It is difficult to draw
>> conclusions from lack of documentation. You might assume that it does
>> not support TLS at all, but it definitely does. I have seen a number of
>> cases where software documentation has not been updated to reflect TLS
>> (vs. SSL).
>>
>> 2. The error message ("imaps TLS negotiation failed") implies that
>> cyrus-imapd is trying to support TLS and failing. If it supported only
>> SSL, it would presumably not try TLS.
>
>
> What IMAP client are you using? Sounds like you are trying to use STARTTLS.
>
> http://sial.org/howto/openssl/tls-name/
>
>
>
>
>>
>> -- 
>>
>> Bob Dye
>> Vintagefactor
>>
>> <http://www.vintagefactor.com/>
>
Patrick,

I use Mozilla Thunderbird.

-- 

Bob Dye
Vintagefactor

<http://www.vintagefactor.com/>
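
Added example, not part of the original thread and not Cyrus code: one way the timeout discussed above can arise is a client that waits for the server greeting (planning STARTTLS) meeting a listener that waits for a TLS ClientHello first, as with `imapd -s`. The sketch classifies the first bytes a client sends and reports the outcome per listener type; the listener labels, function names and sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01  # TLS record type, handshake message type
IMAP_COMMANDS = {b"CAPABILITY", b"STARTTLS", b"LOGIN", b"NOOP", b"LOGOUT"}

# Constructed sample inputs (headers only, not captured traffic).
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
SSLV2_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x01])
STARTTLS_CMD = b"a001 STARTTLS\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sends first after the TCP connect."""
    if not data:
        return "silent"  # client is waiting for the "* OK" greeting
    if len(data) >= 6 and data[0] == HANDSHAKE and data[1] == 3:
        (length,) = struct.unpack("!H", data[3:5])
        if length > 0 and data[5] == CLIENT_HELLO:
            return "tls-clienthello"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return "sslv2-compat-clienthello"  # SSLv2-framed hello from older clients
    parts = data.split(b" ", 2)  # IMAP command line: tag SP command [SP args]
    if len(parts) >= 2 and parts[1].strip().upper() in IMAP_COMMANDS:
        return "plaintext-imap"
    return "unknown"


def diagnose(listener: str, data: bytes) -> str:
    """listener is a hypothetical label: 'implicit-tls' (imapd -s) or 'starttls'."""
    kind = classify_first_bytes(data)
    if listener == "implicit-tls":
        if kind.endswith("clienthello"):
            return "ok"
        # Silent client and TLS-first server each wait for the other.
        return "stall-until-timeout" if kind == "silent" else "handshake-error"
    if listener == "starttls":
        # Server greets first; TLS starts only after a STARTTLS command.
        return "ok" if kind in ("silent", "plaintext-imap") else "protocol-error"
    raise ValueError(f"unknown listener type: {listener}")


if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("sslv2", SSLV2_HELLO),
                         ("starttls cmd", STARTTLS_CMD), ("nothing", b"")]:
        print(f"{name:13} 993/implicit: {diagnose('implicit-tls', sample):20}"
              f" 143/starttls: {diagnose('starttls', sample)}")
```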
