Problems with port 993 (SSL)

[Shaheen Bakhtiar]

> On Sep 1, 2015, at 8:35 AM, Patrick Boutilier <boutilpj at ednet.ns.ca> wrote:
> 
> On 09/01/2015 12:26 PM, Paul van der Vlis wrote:
>> Hello,
>> 
>> Since yesterday I get phone calls from Apple users about port 993 not
>> working anymore. Some other users don't have problems using port 993.
>> 
>> No problems on port 143 with starttls.
>> 
>> I've tested it myself on Linux, same problem.
>> Starttls works, but SSL/TLS does not.
>> 
>> I think it has to do with security problems in the SSL-protocol, and
>> updates in mailclients. Is here someone who knows more?
>> 
>> My mail setup is a bit old (Debian Squeeze), I am testing a new setup at
>> the moment with Debian Jessie.
>> 
>> With regards,
>> Paul van der Vlis.
>> 
>> 
>> 
> 
> What version of Cyrus?
> 
> <boutilpj.vcf>----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


Ran into a similar problem when users upgraded to OS X 10.10.4 on the SMTP side of the equation. Perhaps you are running into it on the IMAP side??

Apple (as Apple does often) simply changed implementation (without much notice) no longer excepting “weak” public key exchange. In order for Mail.app to work you need to use a Diffie–Hellman key greater than 1024. I switched ours to 2048 just to be safe. 

However, we never had issues with IMAP only SMTP.

Discussions:
https://discussions.apple.com/thread/7104500 <https://discussions.apple.com/thread/7104500>
https://discussions.apple.com/thread/7105583 <https://discussions.apple.com/thread/7105583>

Solutions was found:
https://discussions.apple.com/thread/7104500?start=60&tstart=0 <https://discussions.apple.com/thread/7104500?start=60&tstart=0>

Hope this helps :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150901/5589ca7f/attachment.html