On 2001-01-20, Tommi Komulainen <[EMAIL PROTECTED]> wrote:
:
: IIRC the reason for 'NONE' is that there's a slight mismatch between
: client and server SSL protocols and versions. See below.

Ah, thanks. That's helpful.

: In this case the FM would be README.SSL:

I've already tried all of Mutt's ssl_use_* options in various
combinations, with no difference in the behaviour. The "openssl"
tests all seem to be about the same; it looks like there's a handshaking
problem. The results are below. Maybe this is a problem with the
stunnel "wrapper" I'm using on the IMAP server, though why it should
work with Netscape Messenger is beyond me.

tres$ openssl s_client -host imap -port 993 -verify -debug -no_tls1
verify depth is 0
CONNECTED(00000003)
depth=0
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0
[EMAIL PROTECTED]
verify return:1
9577:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9577:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
tres$ openssl s_client -host imap -port 993 -verify -debug -no_ssl2
verify depth is 0
CONNECTED(00000003)
depth=0
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0
[EMAIL PROTECTED]
verify return:1
9578:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9578:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
tres$ openssl s_client -host imap -port 993 -verify -debug -no_ssl3
verify depth is 0
CONNECTED(00000003)
depth=0
[EMAIL PROTECTED]
verify error:num=18:self signed certificate
verify return:1
depth=0
[EMAIL PROTECTED]
verify return:1
9583:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40
9583:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

Last bit: here are a few representative log entries from the
IMAP server:

Jan 19 16:11:56 imap stunnel[20202]: /usr/sbin/imapd connected from 128.117.193.5:1843
Jan 19 16:11:56 imap stunnel[20202]: Generating Diffie-Hellman key...
Jan 19 16:11:56 imap stunnel[20202]: could not load DH parameters
Jan 19 16:11:56 imap stunnel[20202]: SSL_accept: error:0906D06C:PEM routines:PEM_read_bio:no start line
Jan 19 16:11:56 imap /usr/sbin/imapd[20203]: port 2472 service init from 127.0.0.1
Jan 19 16:11:56 imap /usr/sbin/imapd[20203]: Broken pipe, while reading line user=??? host=UNKNOWN
--
Tres Hofmeister <[EMAIL PROTECTED]> http://www.rap.ucar.edu/~tres/
Research Applications Program, National Center for Atmospheric Research
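
The error lines in the message above carry a packed hex code that tells which side gave up on the handshake. The following is an added example, not part of the original message: it decodes those codes using the 8/12/12-bit layout of OpenSSL releases before 3.0 and flags SSL reasons of 1000 or more, which are alerts received from the peer. The names `QueueEntry`, `decode` and `SAMPLE` are hypothetical, and the lookup tables cover only the values seen in this message.

```python
import re
from typing import NamedTuple, Optional

# Packed 32-bit error code in OpenSSL releases before 3.0:
# 8 bits library, 12 bits function, 12 bits reason.
LIBS = {0x09: "PEM", 0x14: "SSL"}   # only the libraries seen in this message
ALERT_OFFSET = 1000                 # SSL reason = 1000 + alert number received from the peer
ALERTS = {40: "handshake_failure"}  # only the alert seen in this message

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")

class QueueEntry(NamedTuple):
    lib: str
    func: str
    reason: str
    reason_code: int
    peer_alert: Optional[str]       # set when the entry records an alert the peer sent

def decode(line: str) -> Optional[QueueEntry]:
    """Decode one OpenSSL error-queue line; return None for any other line."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, reason_code = code >> 24, code & 0xFFF
    alert = None
    if lib == 0x14 and reason_code >= ALERT_OFFSET:
        number = reason_code - ALERT_OFFSET
        alert = ALERTS.get(number, f"alert {number}")
    return QueueEntry(LIBS.get(lib, hex(lib)), m.group(3), m.group(4), reason_code, alert)

# Lines from the message above, with the mail client's line wraps rejoined.
SAMPLE = [
    "9577:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:958:SSL alert number 40",
    "9577:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:",
    "Jan 19 16:11:56 imap stunnel[20202]: SSL_accept: error:0906D06C:PEM routines:PEM_read_bio:no start line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = decode(line)
        origin = f"peer sent {e.peer_alert}" if e.peer_alert else "raised locally"
        print(f"{e.lib:3} {e.func:16} reason={e.reason_code:4} {e.reason!r}: {origin}")
```

On the client side the first entry decodes to an alert received from the server, while the stunnel entry is a local PEM parsing error (reason 108, "no start line") on the server.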