[Dovecot] STARTTLS problem
Lucas -LandM-
lucas at landm.net
Thu Feb 3 00:03:03 EET 2011
Hi Timo again,
It works right now, but only with the command-line approach:
gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...
- Simple Client Mode:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
1 starttls
1 OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1023 bits
- Peer's public key: 1021 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP
server,CN=imap.client.com,EMAIL=postmaster at client.com', issuer
`C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP
server,CN=imap.client.com,EMAIL=postmaster at client.com', RSA key 1024
bits, signed using RSA-SHA, activated `2011-02-02 18:46:20 UTC', expires
`2021-01-30 18:46:20 UTC', SHA-1 fingerprint
`17861d69831182042fbc1544a30cf33c4059ff06'
- The hostname in the certificate does NOT match 'client'
Thunderbird loops "Checking mail server capabilities" for ever.
server log:
Warning: SSL failed: where=0x2002: SSLv3 read client certificate A
[83.61.13.57]
Feb 2 22:01:55 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected
Any other suggestion?
Thank you,
Lucas
On 02/02/2011 22:16, Timo Sirainen wrote:
> On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote:
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
>> *** Starting TLS handshake
>
> You're starting it too early. Give "x starttls" command first.
>
>
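The ordering Timo points out (send a tagged STARTTLS command and wait for the tagged OK before the TLS handshake), as an added Python example that is not part of the original thread or of Dovecot's code. `negotiate_starttls`, `fake_server` and `run_exchange` are hypothetical names, and the server side is a constructed stand-in fed the greeting from the post.

```python
import socket
import threading

# Greeting as shown in the post, joined onto one line.
GREETING = (b"* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE "
            b"IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.\r\n")


def negotiate_starttls(sock, tag="1"):
    """Plaintext half of IMAP STARTTLS. Returns "ready" only when TLS may start."""
    # Unbuffered reader: bytes after the tagged reply stay on the socket for TLS.
    with sock.makefile("rb", buffering=0) as reader:
        greeting = reader.readline().decode("ascii", "replace")
        caps = greeting.upper().replace("[", " ").replace("]", " ").split()
        if not greeting.startswith("* OK") or "STARTTLS" not in caps:
            return "not-advertised"
        sock.sendall(f"{tag} STARTTLS\r\n".encode("ascii"))
        while True:
            line = reader.readline().decode("ascii", "replace")
            if not line:
                return "connection-closed"
            if line.startswith("* "):       # untagged data, keep waiting
                continue
            if line.upper().startswith(f"{tag} OK".upper()):
                return "ready"              # caller may now wrap the socket with ssl
            return "refused"                # tagged NO/BAD or an unexpected line


def fake_server(conn, greeting, reply):
    """Constructed stand-in for the server side; it never speaks TLS."""
    conn.sendall(greeting)
    if conn.recv(1024).strip().upper().endswith(b"STARTTLS"):
        conn.sendall(reply)
    conn.close()


def run_exchange(greeting, reply):
    """Drive negotiate_starttls against fake_server over a local socket pair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_server, args=(server, greeting, reply))
    worker.start()
    try:
        return negotiate_starttls(client)
    finally:
        client.close()
        worker.join()
```

Only a "ready" result means the socket may be handed to the TLS layer; any other result means the connection is still plaintext.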