Mark Crispin wrote:
I installed OpenSSL and then recompiled uw-imap. Still TLS does not work. I can only connect via SSL at port 993, not via TLS at port 143.
How does it "not work"?
I cannot log in and the only messages I got are those below from Mozilla and from /var/log/mail.
What happens when you connect to port 143? Do you get the normal IMAP greeting message? If so, what happens when a TLS-enabled client does a STARTTLS command?
When I connect with telnet, I get this at port 143:
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS LOGINDISABLED] admnb IMAP4rev1 2003.339 at Tue, 16 Dec 2003 08:13:03 +0100 (CET)
Monitoring the communication, it seems that Mozilla does not do STARTTLS. It only tries "authenticate plain".
I have activated "Use secure authentication" in Mozilla 1.5, but it says "Login to server blah failed" and I get "AUTHENTICATE PLAIN failure" in /var/log/mail.
This is authentication, which is a separate issue.
Hm, doesn't that error message mean that Mozilla tries to do plain authentication when it should do STARTTLS first? ;-)
I don't use Mozilla, and I don't know what "Use secure authentication" does in Mozilla.
It is not described in the docs, but I tested with another server (monitoring the communication) that does not send its capabilities and it seems Mozilla then does "authenticate CRAM-MD5".
If Mozilla (or whatever other IMAP client) tries to do AUTHENTICATE PLAIN in a port 143 session without first negotiating STARTTLS, it is expected that the authentication will fail.
So, it seems that Mozilla cannot do TLS over 143.
I have now tried to use CRAM-MD5. I enabled it in uw-imap and it correctly advertises it in the capabilities. Still Mozilla does not start with "authenticate CRAM-MD5". It seems that Mozilla has problems interpreting the capabilities.
So, I have 2 questions: If I use CRAM-MD5, can I do login via port 143 then?
Can I disable advertising the capabilities in uw-imap?
Thanks!
Thomas
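
The capability check this thread turns on, as an added example that is not part of the original message and is not code from uw-imap or Mozilla: it parses the port 143 greeting quoted above and checks a client command against what the server advertised. The other two capability lines and the client policy in `next_step` are constructed assumptions for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

# Greeting quoted in the thread (port 143, before any TLS negotiation).
GREETING = ("* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS LOGINDISABLED] "
            "admnb IMAP4rev1 2003.339 at Tue, 16 Dec 2003 08:13:03 +0100 (CET)")
# Constructed sample: a CAPABILITY reply as it might look once STARTTLS has completed.
AFTER_TLS = "* CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN"
# Constructed sample: a cleartext greeting that also offers a challenge-response mechanism.
WITH_CRAM = "* OK [CAPABILITY IMAP4REV1 STARTTLS AUTH=CRAM-MD5 LOGINDISABLED] example ready"

def parse_capabilities(line):
    """Capability atoms from a greeting response code or a '* CAPABILITY' reply."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line) or re.match(r"\* CAPABILITY (.*)", line)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def command_allowed(command, caps):
    """True if the server's advertisement permits this client command."""
    parts = command.upper().split() or [""]
    verb, arg = parts[0], (parts[1] if len(parts) > 1 else "")
    if verb == "LOGIN":
        return "LOGINDISABLED" not in caps
    if verb == "AUTHENTICATE":
        return bool(arg) and "AUTH=" + arg in caps
    if verb == "STARTTLS":
        return "STARTTLS" in caps
    return True

def next_step(caps, tls_active):
    """Assumed client policy: no password-bearing command on a cleartext link."""
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    challenge = sorted(mechs - PLAINTEXT_MECHS)
    if not tls_active and "STARTTLS" in caps:
        return "STARTTLS"                      # upgrade first whenever it is offered
    if challenge:
        return "AUTHENTICATE " + challenge[0]  # password never crosses the wire
    if tls_active and mechs:
        return "AUTHENTICATE " + sorted(mechs)[0]
    if tls_active and "LOGINDISABLED" not in caps:
        return "LOGIN"
    return "ABORT"                             # only plaintext login remains, and no TLS

if __name__ == "__main__":
    caps = parse_capabilities(GREETING)
    print(sorted(caps))
    print("AUTHENTICATE PLAIN allowed:", command_allowed("AUTHENTICATE PLAIN", caps))
    print("next step:", next_step(caps, tls_active=False))
```
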
