SYSTEM INFORMATION:
OS: CentOS 7
Cyrus-Imap: RPM = cyrus-imapd-2.4.17-15.el7.x86_64

TLS CONFIGURATION:
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.key
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list: HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
tls_prefer_server_ciphers: 1
tls_versions: tls1_2
#tls_versions: tls1_0 tls1_1 tls1_2

PROBLEM:
When I attempt to log in using cyradm I get SSL/TLS errors. The only way I have been able to get this to work was to enable TLS version 1.0. Security team won't allow less than TLS1.2 and I am not able to move to a newer OS at this time.

Is there a way to get it working on CentOS 7 with TLSv1.2 or later? Maybe I need different ciphers?

If I uncomment the last line I am able to connect and log in.
tls_versions: tls1_0 tls1_1 tls1_2

ERRORS:
:~$ cyradm --user cyrus --tlskey --auth plain localhost
[ SSL_connect error -1 ]
[ SSL session removed ]
[ TLS negotiation did not succeed ]

LOGS: With only TLSv1.2 enabled
imap[]: STARTTLS negotiation failed: localhost [127.0.0.1]

LOGS: With TLSv1.0 enabled
imap[]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication

Any assistance is appreciated.

--Ez
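An added example, not part of the original post: a small Python audit over imapd log lines in the two shapes quoted above. It counts STARTTLS sessions negotiated below TLSv1.2 and the peers whose negotiation failed, so an administrator can see which clients are affected when tls_versions is restricted. The syslog prefix, host name, PIDs and the TLSv1.2 sample line are constructed, and the policy floor is an assumption taken from the post's requirement.

```python
import re
from collections import Counter

# Constructed sample in the shape of the two log messages quoted in the post;
# timestamps, host name, PIDs and the TLSv1.2 line are made up for illustration.
SAMPLE_LOG = """\
Jan 10 09:00:01 mail imap[2101]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 10 09:00:07 mail imap[2102]: STARTTLS negotiation failed: localhost [127.0.0.1]
Jan 10 09:01:15 mail imap[2103]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jan 10 09:02:30 mail imap[2104]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
"""

OK_RE = re.compile(r"starttls: (?P<proto>\S+) with cipher (?P<cipher>\S+) ")
FAIL_RE = re.compile(r"STARTTLS negotiation failed: (?P<host>\S+) \[(?P<ip>[^\]]+)\]")

# Ordering of protocol names as they appear in the log; the floor is an
# assumption matching the "no less than TLS1.2" requirement in the post.
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
MIN_PROTO = "TLSv1.2"


def audit(text, min_proto=MIN_PROTO):
    """Return counters of below-policy sessions, compliant sessions, failed peers."""
    below, compliant, failed = Counter(), Counter(), Counter()
    for line in text.splitlines():
        ok = OK_RE.search(line)
        if ok:
            proto = ok.group("proto")
            # Unknown protocol strings rank as -1, so they are flagged, not trusted.
            is_ok = RANK.get(proto, -1) >= RANK[min_proto]
            (compliant if is_ok else below)[(proto, ok.group("cipher"))] += 1
            continue
        fail = FAIL_RE.search(line)
        if fail:
            failed[fail.group("ip")] += 1
    return {"below_policy": below, "compliant": compliant, "failed_peers": failed}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for (proto, cipher), n in report["below_policy"].items():
        print(f"BELOW POLICY  {proto:8} {cipher}  sessions={n}")
    for (proto, cipher), n in report["compliant"].items():
        print(f"ok            {proto:8} {cipher}  sessions={n}")
    for ip, n in report["failed_peers"].items():
        print(f"FAILED        peer={ip}  attempts={n}")
```
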
