On 2001-01-20, Tommi Komulainen <[EMAIL PROTECTED]> wrote:
: 
: IIRC the reason for 'NONE' is that there's a slight mismatch between
: client and server SSL protocols and versions.  See below.

        Ah, thanks.  That's helpful.


: In this case the FM would be README.SSL:

        I've already tried all of Mutt's ssl_use_* options in various
combinations, with no difference in the behaviour.  The "openssl"
tests all seem to be about the same, looks like there's a handshaking
problem.  The results are below.  Maybe this is a problem with the
stunnel "wrapper" I'm using on the IMAP server, though why it should
work with Netscape Messenger is beyond me.

tres$ openssl s_client -host imap -port 993 -verify -debug -no_tls1
verify depth is 0
CONNECTED(00000003)
depth=0 
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 
[EMAIL PROTECTED]
verify return:1
9577:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9577:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

tres$ openssl s_client -host imap -port 993 -verify -debug -no_ssl2
verify depth is 0
CONNECTED(00000003)
depth=0 
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 
[EMAIL PROTECTED]
verify return:1
9578:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9578:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

tres$ openssl s_client -host imap -port 993 -verify -debug -no_ssl3
verify depth is 0
CONNECTED(00000003)
depth=0 
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0 
[EMAIL PROTECTED]
verify return:1
9583:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9583:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:


        Last bit: here are a few representative log entries from the
IMAP server:

Jan 19 16:11:56 imap stunnel[20202]: /usr/sbin/imapd connected from 128.117.193.5:1843
Jan 19 16:11:56 imap stunnel[20202]: Generating Diffie-Hellman key...
Jan 19 16:11:56 imap stunnel[20202]: could not load DH parameters
Jan 19 16:11:56 imap stunnel[20202]: SSL_accept: error:0906D06C:PEM routines:PEM_read_bio:no start line
Jan 19 16:11:56 imap /usr/sbin/imapd[20203]: port 2472 service init from 127.0.0.1
Jan 19 16:11:56 imap /usr/sbin/imapd[20203]: Broken pipe, while reading line user=??? host=UNKNOWN

-- 
Tres Hofmeister <[EMAIL PROTECTED]>      http://www.rap.ucar.edu/~tres/
Research Applications Program, National Center for Atmospheric Research
