[Dovecot] STARTTLS problem

Lucas -LandM- lucas at landm.net
Thu Feb 3 00:03:03 EET 2011


  Hi Timo again,

    It works now, but only from the command line:

  gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
1 starttls
1 OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
  - Using prime: 1024 bits
  - Secret key: 1023 bits
  - Peer's public key: 1021 bits
- Certificate type: X.509
  - Got a certificate list of 1 certificates.
  - Certificate[0] info:
   - subject `C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP 
server,CN=imap.client.com,EMAIL=postmaster at client.com', issuer 
`C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP 
server,CN=imap.client.com,EMAIL=postmaster at client.com', RSA key 1024 
bits, signed using RSA-SHA, activated `2011-02-02 18:46:20 UTC', expires 
`2021-01-30 18:46:20 UTC', SHA-1 fingerprint 
`17861d69831182042fbc1544a30cf33c4059ff06'
- The hostname in the certificate does NOT match 'client'

  Thunderbird loops "Checking mail server capabilities" forever.
Server log:
Warning: SSL failed: where=0x2002: SSLv3 read client certificate A 
[83.61.13.57]
Feb  2 22:01:55 s13 dovecot: imap-login: Disconnected (no auth 
attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected

Any other suggestion?


  Thank you,
   Lucas


On 02/02/2011 22:16, Timo Sirainen wrote:
> On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote:
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
>> *** Starting TLS handshake
>
> You're starting it too early. Give "x starttls" command first.
>
>
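
Added example, not part of the original thread or of Dovecot's code: the plaintext exchange the quoted reply describes (send a tagged STARTTLS command, wait for the tagged OK, only then start the TLS handshake), written in Python. The function names, the tags `a0`/`a1` and the `upgrade` helper are assumptions made for illustration.

```python
import ssl

class StartTLSError(Exception):
    """Upgrade unavailable or refused; do not continue in plaintext."""

def _line(rfile):
    raw = rfile.readline()
    if not raw:
        raise StartTLSError("connection closed before TLS was negotiated")
    return raw.rstrip(b"\r\n").decode("ascii", "replace")

def negotiate_starttls(sock, tag="a1"):
    """Plaintext half of IMAP STARTTLS; returns the server's tagged OK line."""
    # Unbuffered reader, so no bytes after the tagged reply are consumed.
    with sock.makefile("rb", buffering=0) as rfile:
        greeting = _line(rfile)
        if not greeting.startswith("* OK"):
            raise StartTLSError(f"unexpected greeting: {greeting!r}")
        caps = greeting
        if "[CAPABILITY" not in greeting.upper():
            # Capabilities were not in the greeting: ask for them.
            sock.sendall(b"a0 CAPABILITY\r\n")
            caps, reply = "", ""
            while not reply.startswith("a0 "):
                reply = _line(rfile)
                if reply.upper().startswith("* CAPABILITY"):
                    caps = reply
        if "STARTTLS" not in caps.upper().replace("]", " ").split():
            raise StartTLSError("server does not advertise STARTTLS")
        # The step the reply in this thread points at: send the command first.
        sock.sendall(f"{tag} STARTTLS\r\n".encode("ascii"))
        reply = ""
        while not reply.startswith(tag + " "):  # skip untagged lines
            reply = _line(rfile)
        if [w.upper() for w in reply.split()[1:2]] != ["OK"]:
            raise StartTLSError(f"STARTTLS refused: {reply!r}")
        return reply

def upgrade(sock, hostname):
    """Negotiate, then handshake with chain and hostname verification."""
    negotiate_starttls(sock)
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(sock, server_hostname=hostname)
    # Capabilities seen before TLS were unauthenticated; callers re-query them.
    return tls
```

`upgrade()` rejects a certificate like the self-signed one in the gnutls-cli output above unless it is explicitly trusted and its name matches the host being connected to.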


