[Dovecot] STARTTLS problem
Lucas -LandM-
lucas at landm.net
Thu Feb 3 00:13:28 EET 2011
Hi Timo,
From other server:
gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...
- Simple Client Mode:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
9 starttls
9 OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1016 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate does NOT match 'ip'.
Server log:
Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x10,
ret=1: before/accept initialization [83.170.89.109]
Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: before/accept initialization [83.170.89.109]
Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv2/v3 read client hello A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client hello A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server hello A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write certificate A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write key exchange A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server done A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client key exchange A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read certificate verify A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read finished A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write change cipher spec A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write finished A [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x20,
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=256: warning close notify [83.170.89.109]
Feb 2 22:10:08 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.170.89.109, lip=109.200.5.221, TLS: Disconnected
Same error in thunderbird :(
Feb 2 22:12:44 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected
Regards,
Lucas
On 02/02/2011 23:03, Timo Sirainen wrote:
> On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote:
>> Same error:
>> gnutls-cli --starttls -p 143 ip
>> Resolving 'ip'...
>> Connecting to 'ip:143'...
>>
>> - Simple Client Mode:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
>> 9 STARTTLS
>> 9 OK Begin TLS negotiation now.
>>
>> *** Starting TLS handshake
>> *** Fatal error: A TLS packet with unexpected length was received.
>> *** Handshake has failed
>
> Try connecting from localhost. Maybe you have a broken proxy/firewall in
> the middle.
>
>
More information about the dovecot
mailing list