Server running Debian Squeeze, client running Ubuntu 12.04
GNU Mailutils 2.99.96 on both server and client machines.
mailutils.rc on server:
tls {
  # Enable TLS support.
  enable 1;
  # Specify SSL certificate file.
  ssl-cert /etc/exim4/imap.crt;
  # Specify SSL certificate key file.
  ssl-key /etc/exim4/imap.key;
  # Specify trusted CAs file.
  #ssl-cafile FILE;
}
Have Exim4 running on server, using exim-supplied script to generate crt
and key files. Copied them and changed group read permission, so that
imap4d will advertise STARTTLS when queried with CAPABILITY.
So far, so good.
But when I try to STARTTLS with imap4d, it seems to choke and fall over.
"How about trying 'mu imap'?", you say? Okay!
~$ mu imap
imap> connect workingdroid.com
imap> capability
CAPA: IMAP4rev1
CAPA: NAMESPACE
CAPA: ID
CAPA: IDLE
CAPA: LITERAL+
CAPA: UNSELECT
CAPA: STARTTLS
CAPA: AUTH=ANONYMOUS
CAPA: AUTH=EXTERNAL
CAPA: AUTH=LOGIN
CAPA: AUTH=PLAIN
CAPA: AUTH=SECURID
CAPA: AUTH=DIGEST-MD5
CAPA: AUTH=CRAM-MD5
CAPA: AUTH=SCRAM-SHA-1
imap> starttls
mu: starttls failed: Operation failed
mu: server reply: STARTTLS Begin TLS negotiation
imap>
When I try against Exim, I get:
~$ openssl s_client -connect workingdroid.com:25 -starttls smtp
-- snip --
SSL handshake has read 1784 bytes and written 587 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
BAFE6111D6FF8B355690E1FCABD40AA0581166309B9D032CF90F657978A5B0EB
Session-ID-ctx:
Master-Key:
6CC657F241B4E26FF7888BAC74D8B9690AA4439590790BBAAAAEB2CAD8480FFF2C5BCD57CC75AA63DE2F7A5466EF5EDF
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1338467840
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 HELP
BYE
HEARTBEATING
I'm not an expert, but that looks like it worked? So the key seems to be
OK, because I'm using a brand new digital copy of it for Mailutils!
Now, when I try against imap4d:
~$ openssl s_client -connect workingdroid.com:143 -starttls imap -state -debug
-- snip --
SSL_connect:unknown state
read from 0xa0dab78 [0xa0e0120] (7 bytes => 0 (0x0))
3078318280:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 260 bytes and written 252 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I googled the OpenSSL "error:140790E5", without much success. One issue
seemed to think key sizes larger than 1024 were an issue, but according to
the info in the Exim output, the key size *is* 1024.
Any thoughts would be greatly appreciated -- I'm many hours into this issue
already.
TIA,
Chris Hall
P.S. Sometimes when this happens, my server ends up with 2 copies of imap4d
running. The mail.info log shows imap4d terminating, then somehow starting
again.
P.P.S. Even when I start imap4d as follows:
imap4d --set=transcript=yes -d --debug-level="auth.trace2;remote.trace6"
I get *no* extra output in the logs? Is there something else I need to add
to get this debug info?
_______________________________________________
Bug-mailutils mailing list
https://lists.gnu.org/mailman/listinfo/bug-mailutils