Re: More success with TLS; problem with STARTTLS
JOYDEEP wrote: Dear all, here is some more success story. 1 using LOGIN imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: L01 LOGIN aftab {5} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 256 2Using PLAIN imtest -a aftab -m PLAIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi 'S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 - 3 but the problem is using STARTTLS sorry to forget mentioning the command. it is imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -t --- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed failure: STARTTLS not supported by the server! -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More success with TLS; problem with STARTTLS
Hello Joydeep Selon JOYDEEP [EMAIL PROTECTED]: Dear all, here is some more success story. 1 using LOGIN imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: L01 LOGIN aftab {5} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 256 2Using PLAIN imtest -a aftab -m PLAIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi 'S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 - 3 but the problem is using STARTTLS --- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed failure: STARTTLS not supported by the server! -- You should not issue a STARTTLS over a SSL session. Your connection is already crypted. BTW the server does not offers STARTTLS in its capabilities. So ... your config is OK (according to me) ! ;-) Arnaud Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More success with TLS; problem with STARTTLS
[EMAIL PROTECTED] wrote: Hello Joydeep Selon JOYDEEP [EMAIL PROTECTED]: Dear all, here is some more success story. 1 using LOGIN imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bitssnip /snip /snip You should not issue a STARTTLS over a SSL session. Your connection is already crypted. BTW the server does not offers STARTTLS in its capabilities. So ... your config is OK (according to me) ! ;-) Arnaud OK, Arnaud now it is clear to me SSL includes STARTTLS. thanks a lot. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More success with TLS; problem with STARTTLS
On Mon, 2007-04-02 at 12:36 +0530, JOYDEEP wrote: Dear all, here is some more success story. 1 using LOGIN imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: L01 LOGIN aftab {5} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 256 2Using PLAIN imtest -a aftab -m PLAIN linux.kolkatainfoservices.in -p 993 -s -- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi 'S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 - 3 but the problem is using STARTTLS --- verify error:num=19:self signed certificate in certificate chain verify error:num=24:invalid CA certificate verify error:num=26:unsupported certificate purpose TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE S: C01 OK Completed failure: STARTTLS not supported by the server! -- As you can see, you already use TLS when connecting to 993/995. STARTTLS doesn't make sense and therefore is not supported. Connect to unencrypted services ( 110/143 ), then ask for STARTTLS. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? If ignorance is bliss, why aren't there more happy people? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More success with TLS; problem with STARTTLS
JOYDEEP wrote: OK, Arnaud now it is clear to me SSL includes STARTTLS. No, it just negates the need for it. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More success with TLS; problem with STARTTLS
JOYDEEP wrote: imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s -t You want to test STARTTLS on the default IMAP port: imtest -a aftab -m LOGIN -t linux.kolkatainfoservices.in Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html