[Dovecot] IPv6 & SSL

Nick Rosier nick+dovecot at bunbun.be
Fri Oct 5 23:47:53 EEST 2012



Luigi Rosa wrote:
> Hi,
> I have a dual stack server with Dovecot 2.1.10 listening on v4 and v6
>
> Dovecot has a Comodo SSL certificate issued via NameCheap that works as
> expected with IPv4
>
> in 10-ssl.conf I have enabled these configuration directives:
>
> ssl = yes
> ssl_cert = </path/to/file.crt
> ssl_key = </path/to/file.key
> ssl_parameters_regenerate = 202 hours
>
>
> If I connect to Dovecot using the IPv6 address of the server with Thunderbird
> 15.0.1 using CRAM-MD5 everything is ok.
> If I enable SSL _and_ IPv6 on Thunderbird I get this error:
How do you enable this in Thunderbird? If by "enabling IPv6" you mean 
you put in the IPv6 address instead of the hostname, that's probably 
where you're wrong. The certificate contains your hostname, not the 
IP-address so the hostname verification check fails if you insert the 
IPv6 address (i.e. hostname.tld != 
2001:470:1f09:203:fdbf:508e:4a29:56c5 so your connection fails).
I've verified this by changing the hostname to IPv6 in Thunderbird and 
got the same error as you do. You would get the same error if you 
configure the IPv4 address in TB.
> Oct  5 20:05:04 mail dovecot: imap-login: Disconnected (no auth attempts in 1
> secs): user=<>, rip=2001:470:1f09:203:fdbf:508e:4a29:56c5,
> lip=2001:470:1f09:203::badd:ecaf, TLS: SSL_read() failed: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48,
> session=<ZcMRtlPLqgAgAQRwHwkCA/2/UI5KKVbF>
This is a valid connection when I use the hostname:

2012-10-04T18:07:51.614187+02:00 mail dovecot: imap-login: Login: 
user=<user at domain>, method=CRAM-MD5, rip=yyyy:yyyy:::yyyy, 
lip=xxxx:xxxx:::xxxx, mpid=58179, TLS, TLSv1 with cipher RC4-MD5 
(128/128 bits)

Configure your DNS so your hostname points to both the IPv6 and IPv4 
address. Your client will take whichever protocol is preferred 
(IPv4 or IPv6).

Rgds,
N.
>
> Ciao,
> luigi
>
> - -- 
> /
> +--[Luigi Rosa]--
> \
>
> I will tell you a great secret, Captain. Perhaps the greatest of all
> time. The molecules of your body are the same molecules that make up
> this station and the nebula outside, that burn inside the stars
> themselves. We are star stuff, we are the universe made manifest,
> trying to figure itself out. As we have both learned, sometimes
> the universe requires a change of perspective."
>      --Delenn, "Distant Star", Babylon 5


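The hostname check described in the reply above, as an added Python example that is not part of the original thread: it compares what the user typed into the mail client against the identities in a certificate, using the dict shape returned by `ssl.SSLSocket.getpeercert()`. The certificate contents, `mail.example.org` and the `2001:db8::` / `192.0.2.` addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def _as_ip(text):
    """Return an ipaddress object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    pl, hl = p.split("."), h.split(".")
    return pl[0] == "*" and len(pl) == len(hl) and len(pl) > 2 and pl[1:] == hl[1:]

def identity_matches(cert, server):
    """cert: dict shaped like ssl.SSLSocket.getpeercert() output.
    server: the name or IP literal configured in the client."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(server.strip("[]"))
    if ip is not None:
        # An IP literal is compared only with iPAddress entries, never with names,
        # so a certificate that lists just the hostname cannot match it.
        return any(kind == "IP Address" and _as_ip(value) == ip
                   for kind, value in sans)
    names = [value for kind, value in sans if kind == "DNS"]
    if not names:
        # Fallback some clients apply when the certificate has no dNSName entry.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_match(name, server) for name in names)

# Constructed sample: a certificate issued for the hostname only.
HOST_ONLY_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"),),
}
# Constructed sample: the same name plus an iPAddress entry.
WITH_IP_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"),
                       ("IP Address", "2001:DB8:0:0:0:0:0:25")),
}

if __name__ == "__main__":
    for target in ("mail.example.org", "2001:db8::25", "192.0.2.25"):
        print(target, identity_matches(HOST_ONLY_CERT, target))
```
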
