On Wed, Apr 18, 2012 at 08:44:49PM -0700, fr47Tb wrote:

> Having difficulty with communications between cyrus-imapd lmtpd (version
> 2.4.14) and postfix lmtp (version 2.9.1) using openssl
> (version 1.0.0-fips 29) on Centos (version 6) system.

FIPS could well be a problem, since it imposes limits on algorithms
that may be too strict. Is FIPS mode enabled by default?

> However communication breaks down between postfix and cyrus. Using TCP (24) 
> port for common link.  It appears that the read for server cipher list is
> requested prior to the information being placed in buffer,

You're misreading the debug logs. This is not the case. All SSL
read calls initially return -1 when the underlying network read
buffer is empty; these are then retried after reading more raw data
from the network.

> cyrus-imapd replies with 454 4.3(.3) TLS not available, then lmtp reads this
> as reply cipher list and fails with SSLv3/v2 protocol not found.

The real problem is that the lmtp(8) client and the LMTP server are out
of sync at this point; the client is starting an SSL handshake, so it
believes it got a positive response to STARTTLS.

You need to include earlier (plaintext) data exchanged during this
session.  Either the LMTP client and server are out of sync, or
the server erroneously sends a plaintext error message after
responding positively to STARTTLS.

> Please see log output below.

In the future, please include the logs in your message, rather than
posting a URL.

--
        Viktor.

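As an added illustration of the desync described in this reply (example code, not part of the original thread or of Postfix/Cyrus): an LMTP client may only begin the TLS handshake after a 220 reply to STARTTLS, and the first bytes it then reads should form a TLS record header; a plaintext reply such as `454 4.3.3 TLS not available` arriving where a TLS record is expected is the signature of a client and server that are out of sync. The reply lines and byte strings below are constructed samples.

```python
import re

# One SMTP/LMTP reply line: 3-digit code, space (last line) or hyphen
# (continuation), then text. Matches with or without CRLF.
REPLY_RE = re.compile(rb"^(\d{3})([ -])(.*?)\r?\n?$")

def parse_reply(line: bytes):
    """Return (code, is_last_line, text) for one LMTP reply line."""
    m = REPLY_RE.match(line)
    if not m:
        raise ValueError(f"not an LMTP reply line: {line!r}")
    return int(m.group(1)), m.group(2) == b" ", m.group(3).decode("ascii", "replace")

def starttls_decision(reply_line: bytes) -> str:
    """What a client must do with the reply to STARTTLS (RFC 3207):
    220 -> begin the TLS handshake; 4yz (e.g. 454 4.3.3 TLS not available)
    -> stay in plaintext and defer; anything else -> protocol error."""
    code, _, _ = parse_reply(reply_line)
    if code == 220:
        return "handshake"
    if 400 <= code < 500:
        return "defer"
    return "error"

def classify_handshake_bytes(first_bytes: bytes) -> str:
    """Classify the first bytes read after the client started a handshake.
    A TLS record starts with a content type of 0x14-0x17 and major version
    0x03. Three ASCII digits followed by space or hyphen can never be a TLS
    record: the server is still speaking plaintext, i.e. the two sides are
    out of sync (the SSL library just reports an unknown protocol)."""
    if len(first_bytes) < 5:
        return "short"
    if first_bytes[0] in (0x14, 0x15, 0x16, 0x17) and first_bytes[1] == 0x03:
        return "tls-record"
    if re.match(rb"^\d{3}[ -]", first_bytes):
        return "plaintext-reply"
    return "unknown-protocol"

if __name__ == "__main__":
    # Constructed samples: a correct STARTTLS reply, a deferral, and the
    # out-of-sync case where plaintext shows up inside the TLS read.
    print(starttls_decision(b"220 2.0.0 Begin TLS negotiation now\r\n"))
    print(starttls_decision(b"454 4.3.3 TLS not available due to local problem\r\n"))
    print(classify_handshake_bytes(b"454 4.3.3 TLS not available\r\n"))
    print(classify_handshake_bytes(bytes([0x16, 0x03, 0x01, 0x00, 0x5A])))
```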