Ricardo Kleemann writes:
Either copy it as an imap or a pop3 certificate, or run mkpop3dcert andGnuTLS.mkimapdcert scripts.Ok, I've regenerated the certificate. The ssl2 and ssl3 still fail. The tls1 looks like it's ok. What do I need to do to make the ssl2/3 not fail?Again -- check whether you've built Courier against the OpenSSL orIt's possible that the openssl client may have an interoperability issue with GnuTLS.I'm trying to find out, I'm not sure how the Ubuntu package is built. But in any case in my mail.log I still see Apr 5 09:21:02 321 courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Anyone know what that error means?
This means a version mismatch. The peer is not negotiating a mutually-accepted protocol.
The protocol is selected by the TLS_PROTOCOL setting. The default setting should be the most liberal -- all protocols are acceptable. Note that, as I said previously, the default setting was changed some time ago. Earlier versions of Courier did not use a good default value, and, with OpenSSL, it was necessary to explicitly set TLS_PROTOCOL to SSL23 in order to accept all protocol levels.
Perhaps you're running an older version of Courier -- try explicitly setting TLS_PROTOCOL to SSL23.
pgp8mjHlVKadx.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
