Cyrus imap TLS and SSL

From: Keith Nunn (kapn_at_kapn.net)
Date: 02/14/05

    Date: Mon, 14 Feb 2005 12:16:27 -0500
    To: freebsd-isp@freebsd.org
    
    

    I'm new to e-mail setups at this level, but have some familiarity with
    the basics. I've spent days poring over what docs I can find and HOWTOs
    for any number of setups involving Cyrus IMAP. What I have been utterly
    unable to figure out is how to get secure connections working on my
    machine.

    The relevant entries for imapd offer valid certificates and TLS is
    working for Sendmail.
    imapd.conf:
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
    tls_cert_file: /usr/local/certs/cyrus-global.pem
    tls_key_file: /usr/local/certs/private/cyrus-global.key
    tls_ca_file: /usr/local/certs/cyrus-global.pem
    tls_ca_path: /usr/local/certs/
    tls_session_timeout: 1440
    tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

    CAPABILITY reports:
    S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
    NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
    BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
    STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR

    A local test with:
    imtest -s -a kapn -m login -p imap -v localhost

    fails thus:
    starting TLS engine
    setting up TLS connection
    SSL_connect:before/connect initialization
    write to 080652C0 [08083000] (100 bytes => 100 (0x64))
    0000 16 03 01 00 5f 01 00 00|5b 03 01 42 10 db e2 13
    0010 57 f9 cb 4d 90 42 67 d2|d4 31 46 5f 8a ec a5 69
    0020 ec da 60 3e f9 fa 5d 0c|38 92 49 00 00 34 00 39
    0030 00 38 00 35 00 16 00 13|00 0a 00 33 00 32 00 2f
    0040 00 66 00 05 00 04 00 63|00 62 00 61 00 15 00 12
    0050 00 09 00 65 00 64 00 60|00 14 00 11 00 08 00 06
    0060 00 03 01
    0064 - <SPACES/NULS>

    SSL_connect:SSLv3 write client hello A
    read from 080652C0 [0807A000] (5 bytes => 5 (0x5))
    0000 2a 20 4f 4b
    0005 - <SPACES/NULS>

    write to 080652C0 [08089000] (7 bytes => 7 (0x7))
    0000 15 20 4f 00 02 02 46
    SSL3 alert write:fatal:protocol version
    SSL_connect:error in SSLv3 read server hello A -1
    SSL_connect error -1
    SSL session removed
    failure: TLS negotiation failed!

    I'm more than willing to be told I'm a dope and am missing the obvious, but
    I'd really love suggestions if you have any.

    kapn
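
The record headers in the trace above can be decoded by hand. This is an added example, not part of the original post: it reads the first bytes of each write and read as an SSLv3/TLS record header. The byte strings are copied from the dump; the fifth byte of the server reply appears there only as `<SPACES/NULS>` and is assumed to be 0x20, and the function names are hypothetical.

```python
# Added example: decode the SSLv3/TLS record headers seen in the imtest trace.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version"}  # subset

# Bytes copied from the hex dump in the post.
CLIENT_WRITE_1 = "16 03 01 00 5f"        # start of the 100-byte write
SERVER_READ_1 = "2a 20 4f 4b 20"         # 5-byte read; last byte assumed 0x20
CLIENT_WRITE_2 = "15 20 4f 00 02 02 46"  # the 7-byte write before the failure


def parse_record(hex_bytes):
    """Interpret bytes as a record header: type(1) version(2) length(2)."""
    data = bytes.fromhex(hex_bytes)
    if len(data) < 5:
        raise ValueError("a record header is 5 bytes")
    rec = {
        "type": CONTENT_TYPES.get(data[0], "unknown(0x%02x)" % data[0]),
        "version": (data[1], data[2]),
        "length": int.from_bytes(data[3:5], "big"),
        # A real SSLv3/TLS record has a known type and major version 3.
        "valid_header": data[0] in CONTENT_TYPES and data[1] == 3,
        # Printable ASCII instead of a header means a plaintext protocol.
        "text": data.decode("ascii") if all(32 <= b < 127 for b in data) else None,
    }
    if data[0] == 0x15 and len(data) >= 7:
        rec["alert"] = (ALERT_LEVELS.get(data[5]), ALERT_DESCRIPTIONS.get(data[6]))
    return rec


def diagnose(server_first_bytes):
    """Classify the first bytes a server sends back after a ClientHello."""
    rec = parse_record(server_first_bytes)
    if rec["valid_header"]:
        return "tls"
    if rec["text"] is not None:
        return "plaintext: %r" % rec["text"]
    return "unknown"


if __name__ == "__main__":
    for name in ("CLIENT_WRITE_1", "SERVER_READ_1", "CLIENT_WRITE_2"):
        print(name, parse_record(globals()[name]))
    print("server reply is", diagnose(SERVER_READ_1))
```

The client's first write is a valid handshake record (a ClientHello), but the reply decodes as the ASCII text `* OK `, the start of a plaintext IMAP greeting, and the fatal protocol_version alert carries those same two bytes (0x20 0x4f) in its version field. The server on that port was speaking plaintext IMAP when the handshake began, which matches the CAPABILITY line offering STARTTLS, where TLS starts only after the client issues the STARTTLS command.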