Brian Candler wrote:
> On Mon, Jan 22, 2007 at 01:11:53PM -0700, Chris Purves wrote:
>> I am having trouble getting SSLv3 to work on port 995 for POP3. I have
>> TLS and SSL working for IMAP on ports 143 and 993 respectively, and TLS
>> for POP3 working on port 110, but if I try to establish an SSL
>> connection to port 995 using Thunderbird I get the error: "TLS required
>> to log in."
>>
>> I have compared my pop3d-ssl and imapd-ssl config files and can't see
>> any difference that would allow one to work and not the other.

I did get things to work the way I want, but here is the information you
requested, in case it is still useful.

> Can you post both config files please?

# pop3d-ssl created from pop3d-ssl.dist by sysconftool
#
##NAME: SSLPORT:0
SSLPORT=995
##NAME: SSLADDRESS:0
SSLADDRESS=0
##NAME: SSLPIDFILE:0
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
##NAME: POP3DSSLSTART:0
POP3DSSLSTART="YES"
##NAME: POP3_STARTTLS:0
POP3_STARTTLS="YES"
##NAME: POP3_TLS_REQUIRED:1
POP3_TLS_REQUIRED=1
##NAME: COURIERTLS:0
COURIERTLS=/usr/bin/couriertls
##NAME: TLS_PROTOCOL:0
TLS_PROTOCOL=SSL3
##NAME: TLS_STARTTLS_PROTOCOL:0
TLS_STARTTLS_PROTOCOL=TLS1
##NAME: TLS_CIPHER_LIST:0
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
##NAME: TLS_TIMEOUT:0
##NAME: TLS_DHCERTFILE:0
# TLS_DHCERTFILE=
##NAME: TLS_CERTFILE:0
TLS_CERTFILE=/etc/courier/pop3d.pem
##NAME: TLS_TRUSTCERTS:0
# TLS_TRUSTCERTS=
##NAME: TLS_VERIFYPEER:0
TLS_VERIFYPEER=NONE
##NAME: TLS_CACHE:0
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
##NAME: MAILDIRPATH:0
MAILDIRPATH=Maildir

# imapd-ssl created from imapd-ssl.dist by sysconftool
#
##NAME: SSLPORT:1
SSLPORT=993
##NAME: SSLADDRESS:0
SSLADDRESS=0
##NAME: SSLPIDFILE:0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
##NAME: IMAPDSSLSTART:0
IMAPDSSLSTART="YES"
##NAME: IMAPDSTARTTLS:0
IMAPDSTARTTLS="YES"
##NAME: IMAP_TLS_REQUIRED:1
IMAP_TLS_REQUIRED="1"
##NAME: COURIERTLS:0
COURIERTLS=/usr/bin/couriertls
##NAME: TLS_PROTOCOL:0
TLS_PROTOCOL=SSL3
##NAME: TLS_STARTTLS_PROTOCOL:0
TLS_STARTTLS_PROTOCOL=TLS1
##NAME: TLS_CIPHER_LIST:0
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
##NAME: TLS_TIMEOUT:0
##NAME: TLS_DHCERTFILE:0
# TLS_DHCERTFILE=
##NAME: TLS_CERTFILE:0
TLS_CERTFILE=/etc/courier/imapd.pem
##NAME: TLS_TRUSTCERTS:0
# TLS_TRUSTCERTS=
##NAME: TLS_VERIFYPEER:0
TLS_VERIFYPEER=NONE
##NAME: TLS_CACHE:0
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
##NAME: MAILDIRPATH:0
MAILDIRPATH=Maildir

> What happens if you try each of the following at the command line:
>
> openssl s_client -connect 127.0.0.1:995
[EMAIL PROTECTED]:~$ openssl s_client -connect 127.0.0.1:995
CONNECTED(00000003)
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify return:1
---
Certificate chain
 0 s:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
   i:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICv...
-----END CERTIFICATE-----
subject=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
issuer=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
No client certificate CA names sent
---
SSL handshake has read 867 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
EE339AA05C39EC0E47EC8078C15BBDED1F96B440A3B4A26F2FF6A65394BC7C6A
Session-ID-ctx:
Master-Key:
C57FBACF0E7BA7A910386B7A76866C524A0D3D5158DB94656548A57A92BFB28B1AD3F8200B50445744E0B7EED027C65E
Key-Arg : None
Start Time: 1169655950
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
+OK Hello there.
CAPA
+OK Here's what I can do:
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.
USER chris
+OK Password required.
PASS ****
+OK logged in.
QUIT
DONE

> openssl s_client -ssl3 -connect 127.0.0.1:995
[EMAIL PROTECTED]:~$ openssl s_client -ssl3 -connect 127.0.0.1:995
CONNECTED(00000003)
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify return:1
---
Certificate chain
 0 s:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
   i:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvT...
-----END CERTIFICATE-----
subject=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
issuer=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 312 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3
Cipher : AES256-SHA
Session-ID:
1724D372B854E326F61006C34A0781B036F7B75923678EB4DEEA60DB1B9BBB04
Session-ID-ctx:
Master-Key:
188407986D23C2E8570475C3887CF6136680F34D261B4D39741F3030E10A4AACB2093DD6BA565B3A39EB04F2A97D27E4
Key-Arg : None
Start Time: 1169656767
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
+OK Hello there.
CAPA
+OK Here's what I can do:
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.
USER chris
+OK Password required.
PASS ****
+OK logged in.
QUIT
DONE

> openssl s_client -tls1 -connect 127.0.0.1:995
[EMAIL PROTECTED]:~$ openssl s_client -tls1 -connect 127.0.0.1:995
CONNECTED(00000003)
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
verify return:1
---
Certificate chain
 0 s:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
   i:/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICv...
-----END CERTIFICATE-----
subject=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
issuer=/C=CA/ST=Alberta/L=Edmonton/O=northfolk.ca/OU=./CN=mail.northfolk.ca/[EMAIL PROTECTED]
---
No client certificate CA names sent
---
SSL handshake has read 867 bytes and written 298 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
58F07CB5A199099BF02B42893063B908C8931AE8869F5CECCF07ECCF97BCB1A6
Session-ID-ctx:
Master-Key:
0224C189DE0764D20D4671DD9379066F9234216931DE9A7E8072BDB02382E756C5E60C460FD780D8F04C7E61DD5E37E5
Key-Arg : None
Start Time: 1169657072
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
+OK Hello there.
CAPA
+OK Here's what I can do:
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.
USER chris
+OK Password required.
PASS ****
+OK logged in.
QUIT
DONE
--
Chris
_______________________________________________
Courier-imap mailing list