Hi All,
Some time ago we all developed and integrated patches that allow UW
IMAP to speak TLS 1.2 and use DH and ECDHE ciphers.
I have noticed that the c-client library itself, however, seems stuck
on TLS 1.0 and non-DH ciphers (I noticed that as we forced some
servers to use ONLY the DH and TLS 1.2+ and found that things using the
compiled c-client libraries could no longer connect to them, whereas
anything else can: openssl with starttls, etc.).
It is interesting as it seems related to STARTTLS, specifically. I.e.,
if a server runs IMAPd on 993 and 143 (for direct-TLS and STARTTLS,
respectively), the c-client library seems to have no problem
negotiating on port 993. However, when pointed to 143, it fails to
negotiate TLS with a protocol and/or cipher mismatch error (depending
on how I configured the server).
Has anyone encountered this and/or found a way to upgrade the
c-client STARTTLS support? This seems to be related to code in
src/c-client/imap4r1.c but I am not familiar enough with this to
formulate a patch myself without climbing a steep learning curve on
C-based openssl client software.
Thanks,
-Erik Kangas
Erik Kangas, PhD
CEO
On February 15, 2019 01:21:54 pm EDT, "Mabry Tyson" <[email protected]> wrote:
Erik, I had previously expressed interest in doing this. However, I
have just started evaluating other, maintained alternatives (Dovecot,
Courier IMAP, ...) to move to. We will also move from an older Solaris
machine to an Ubuntu machine.
At this point, I'm concerned about having to change our site's mail
storage format. We use mix format (we use 10MB files). Both Dovecot &
Courier seem to prefer maildir (1 file per message) which gives me
concern about the number of files in a directory. (I am probably the
only one, but I have rarely-read mail files of system logs with on the
order of 1M messages). Dovecot has a mix-like format (multiple
messages per file), but indicates that procmail (which we use) doesn't
support that, but apparently there is a dmail-type program that I can
use with procmail.
I knew Mark Crispin back in the day (from Tops-10 days). He believed in
standards, in being precise with specifications, and coding for future
requirements. He did good work. I will be sad to move away from his
code base, but I can't devote the time to keeping his code running. (It
is less about changing the code, than about making sure it works for the
OS & file-system variants other than mine.)
Good luck!
On 2/15/19 8:03 AM, Erik Kangas, Ph.D. wrote:
Hi All,
Has anyone progressed with compiling openssl 1.1.1 with panda IMAP?
If not, is anyone interested in doing this as a small consulting
project (which we would make available to the group when done)?
Thanks,
-Erik Kangas
LuxSci
_______________________________________________
Imap-uw mailing list
[email protected]
http://mailman13.u.washington.edu/mailman/listinfo/imap-uw