Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread JOYDEEP
JOYDEEP wrote:
 Dear all,

 here are some more success stories.

 1. Using LOGIN

  imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s


 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:  

 C: L01 LOGIN aftab {5}
 S: + go ahead
 C: omitted
 S: L01 OK User logged in
 Authenticated.
 Security strength factor: 256
 

 2. Using PLAIN

 imtest -a aftab  -m PLAIN  linux.kolkatainfoservices.in -p 993 -s

 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:

 C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi
 'S: A01 OK Success (tls protection)
 Authenticated.
 Security strength factor: 256
 -

 3. But the problem is using STARTTLS
   

Sorry, I forgot to mention the command.
It is:

imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s -t 


 ---
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 failure: STARTTLS not supported by the server!
 --

 


 
 
 Cyrus Home Page: http://cyrusimap.web.cmu.edu/
 Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
 List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


   




Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread arnaud
Hello Joydeep


Quoting JOYDEEP [EMAIL PROTECTED]:

 Dear all,

 here are some more success stories.

 1. Using LOGIN

  imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s


 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:

 C: L01 LOGIN aftab {5}
 S: + go ahead
 C: omitted
 S: L01 OK User logged in
 Authenticated.
 Security strength factor: 256



 2. Using PLAIN

 imtest -a aftab  -m PLAIN  linux.kolkatainfoservices.in -p 993 -s

 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:

 C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi
 'S: A01 OK Success (tls protection)
 Authenticated.
 Security strength factor: 256
 -

 3. But the problem is using STARTTLS

 ---
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 failure: STARTTLS not supported by the server!
 --



You should not issue a STARTTLS over an SSL session. Your connection is already
encrypted.
BTW, the server does not offer STARTTLS in its capabilities.

So ... your config is OK (according to me) ! ;-)



Arnaud




 






Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread JOYDEEP
[EMAIL PROTECTED] wrote:
 Hello Joydeep


 Quoting JOYDEEP [EMAIL PROTECTED]:

   
 Dear all,

 here are some more success stories.

 1. Using LOGIN

  imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s


 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits
 [snip]

 You should not issue a STARTTLS over an SSL session. Your connection is already
 encrypted.
 BTW, the server does not offer STARTTLS in its capabilities.

 So ... your config is OK (according to me) ! ;-)



 Arnaud
   
OK, Arnaud, now it is clear to me that SSL includes STARTTLS.
Thanks a lot.




Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread Mirosław Jaworski
On Mon, 2007-04-02 at 12:36 +0530, JOYDEEP wrote:
 Dear all,
 
 here are some more success stories.
 
 1. Using LOGIN
 
  imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s
 
 
 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:  
 
 C: L01 LOGIN aftab {5}
 S: + go ahead
 C: omitted
 S: L01 OK User logged in
 Authenticated.
 Security strength factor: 256
 
 
 2. Using PLAIN
 
 imtest -a aftab  -m PLAIN  linux.kolkatainfoservices.in -p 993 -s
 
 --
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 Please enter your password:
 
 C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi
 'S: A01 OK Success (tls protection)
 Authenticated.
 Security strength factor: 256
 -
 
 3. But the problem is using STARTTLS
 
 ---
 verify error:num=19:self signed certificate in certificate chain
 verify error:num=24:invalid CA certificate
 verify error:num=26:unsupported certificate purpose
 TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
 S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
 C: C01 CAPABILITY
 S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
 BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
 AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
 S: C01 OK Completed
 failure: STARTTLS not supported by the server!
 --

As you can see, you already use TLS when connecting to 993/995.
STARTTLS doesn't make sense and therefore is not supported.

Connect to unencrypted services (110/143), then ask for STARTTLS.

-- 
Mirosław Psyborg Jaworski
GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
 If ignorance is bliss, why aren't there more happy people?




Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread Jorey Bump

JOYDEEP wrote:


OK, Arnaud, now it is clear to me that SSL includes STARTTLS.


No, it just negates the need for it.



Re: More success with TLS; problem with STARTTLS

2007-04-02 Thread Jorey Bump

JOYDEEP wrote:


imtest -a aftab  -m LOGIN  linux.kolkatainfoservices.in -p 993 -s -t 


You want to test STARTTLS on the default IMAP port:

 imtest -a aftab -m LOGIN -t  linux.kolkatainfoservices.in
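
An added example, not part of any post in this thread: a Python sketch of the client-side decision the replies describe, where port 993 is already inside TLS and port 143 must advertise STARTTLS and upgrade before any LOGIN or PLAIN is sent. The function names, the `cafile` parameter and the two port-143 capability lines are assumptions constructed for illustration; only `CAPS_993` is taken from the session output above.

```python
import imaplib
import ssl

# CAPABILITY line as captured in the thread on port 993 (already inside TLS).
CAPS_993 = ("* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
            "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
            "BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE "
            "AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE")
# Constructed sample: what a cleartext port 143 listener could advertise.
CAPS_143 = "* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED"
# Constructed sample: a cleartext listener with no TLS upgrade on offer.
CAPS_143_NO_TLS = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN"


def parse_capabilities(line):
    """Return the upper-cased capability atoms of an untagged CAPABILITY line."""
    atoms = line.split()
    if atoms[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY response")
    return {a.upper() for a in atoms[2:]}


def next_step(already_tls, caps):
    """Decide what a client may do next without exposing the password."""
    if already_tls:
        return "authenticate"  # implicit TLS: STARTTLS is not needed
    if "STARTTLS" in caps:
        return "starttls"      # upgrade first, then re-read CAPABILITY
    return "abort"             # cleartext only: do not send LOGIN or PLAIN


def open_imap(host, implicit_tls, cafile=None):
    """Open a TLS-protected IMAP connection on 993 (implicit) or 143 (STARTTLS)."""
    # cafile: path to your own CA certificate when the server chain is self-signed.
    ctx = ssl.create_default_context(cafile=cafile)
    if implicit_tls:
        return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    conn = imaplib.IMAP4(host, 143)
    caps = {c.upper() for c in conn.capabilities}
    if next_step(False, caps) != "starttls":
        conn.shutdown()
        raise RuntimeError("server offers no STARTTLS on port 143")
    conn.starttls(ssl_context=ctx)
    return conn
```

With the default context, `open_imap` raises a certificate verification error for a chain like the one producing `verify error:num=19` above unless the signing CA is supplied through `cafile`.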

