John,
Looks like you are using the old certificate (stunnel.pem)
with the new stunnel. The DH errors mean you won't
be able to use the DH algorithm for key exchange.
RSA will work for you, anyway.
Solution: Do "make cert" and install the new certificate.
About permissions: The certificate should be readable only
by the user. "make install" should do it for you.
Regards,
Mike
---
Michal Trojnara * +48 501 00 12 43
IT Security Officer * PTK Centertel
>>> "John Castillo" <[EMAIL PROTECTED]> 1999.07.16 02:42 >>>
Hello All,
Argghh.. where did my hair go!
I have been trying to configure SSL for use with my current imap server (Cyrus). I
found a couple of reference pages which point to SSLeay (openssl) and stunnel which
would allow me to configure an SSL environment for Cyrus. If you could please help
with some suggestions or explanation of the error messages I'm getting, you're awesome
(because the key/cert/SSL part is stumping me). This is what I've done so far.
built SSLeay0.8.1b
built stunnel3.4a with RSAglue library
added the proper entry in /etc/inetd.conf
-namely simap stream tcp nowait cyrus /usr/local/sbin/stunnel -D 7 -l /usr/cyrus/bin/imapd imapd
Everything looks good but now I get this error every time one of my clients (Outlook
Express or Netscape Messenger) tries to connect to the SSL secure IMAP server...
Jul 15 17:45:20 phoenix stunnel[12524]: Wrong permissions on /usr/local/ssl/certs/stunnel.pem
Jul 15 17:45:20 phoenix stunnel[12524]: Could not load DH parameters from /usr/local/ssl/certs/stunnel.pem
Jul 15 17:45:20 phoenix stunnel[12524]: Diffie-Hellman initialization failed
Jul 15 17:45:20 phoenix stunnel[12524]: stunnel 3.4a on i686-pc-linux-gnu PTHREAD+LIBWRAP
Jul 15 17:45:20 phoenix stunnel[12524]: 7 connected from 172.16.0.227:3679
It seems to WORK though.. I'm just wondering what all the DH errors are all about.
John C.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
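
An added example, not part of the original thread and not stunnel's own code: a shell check for the two conditions the log lines above report, group/other access on the PEM file and a missing DH PARAMETERS section. The function names, the constructed sample files and the owner-only rule (no group or other bits set) are assumptions of this example; stunnel's own permission test may differ.

```sh
#!/bin/sh
# Added example: audit a combined stunnel-style PEM file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_pem() {
    f=$1
    status=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Columns 5-10 of the ls mode string hold the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other bits set ($perms), expected owner-only"
        status=1
    fi

    # Section markers only; the key material itself is not parsed here.
    for section in "PRIVATE KEY" "CERTIFICATE" "DH PARAMETERS"; do
        if ! grep -q -e "^-----BEGIN .*$section-----" "$f"; then
            echo "missing section: $section"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample files: placeholder bodies, not real key material.
write_sample() {   # usage: write_sample FILE MODE with_dh|without_dh
    {
        printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "PLACEHOLDER" "-----END RSA PRIVATE KEY-----"
        printf '%s\n' "-----BEGIN CERTIFICATE-----" "PLACEHOLDER" "-----END CERTIFICATE-----"
        if [ "$3" = with_dh ]; then
            printf '%s\n' "-----BEGIN DH PARAMETERS-----" "PLACEHOLDER" "-----END DH PARAMETERS-----"
        fi
    } > "$1"
    chmod "$2" "$1"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/old.pem" 644 without_dh   # old-style file, world-readable
write_sample "$demo_dir/new.pem" 600 with_dh      # regenerated file, owner-only
for pem in "$demo_dir/old.pem" "$demo_dir/new.pem"; do
    if check_pem "$pem"; then echo "$pem: ok"; fi
done
```

On a real installation, point `check_pem` at the PEM path named in the stunnel log lines instead of the sample files.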