[Dovecot] TLS/SSL for Win8 & Outlook

Sebastian Goodrick sebastian at goodrick.ch
Wed May 7 19:15:24 UTC 2014


Hello

I recently upgraded to dovecot 2.1.7 (as supplied with Debian Wheezy).
All clients work as expected except for Outlook (2013 & 2010) on Win8
with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on
Win 7 work fine. On my previous dovecot version 1.2.13 all clients
worked.)
As far as I understand, one difference is the support for TLS1.2 and
SSL3. And on the client side Win8 is now connecting through the
Microsoft Unified Security Protocol Provider.

My logs show these issues:

Dovecot:
May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3
read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3
read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3
read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect

Outlook 2013 (contains German, translation in []):
IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143
hergestellt. [A connection to port 143 is established with 'mail.xxx.de']
[snip]
IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN
AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de
[snip]
IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login
capabilities have more.
IMAP: 12:30:02 [tx] ekum STARTTLS
IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3
IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now.
IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider'
wird eine sichere Verbindung ausgehandelt. [A secure connection is
negotiated with 'Microsoft Unified Security Protocol Provider']
IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2
IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde
geschlossen. [Connection to 'mail.xxx.de' has been closed.]
IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5
IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem
Server hergestellt werden.", hr=2148322330 [Can't establish a secure
connection with the server.]

My settings for ssl_protocols and ssl_cipher_list are empty. Since it
works with most clients, I assume the cause is not a broken certificate
or my dovecot configuration. The connection fails at the TLS/SSL handshake.
Has anyone seen this behaviour, too? Is there a setting (for
ssl_protocols and ssl_cipher_list) to support Outlook on Win8?

Thanks, Sebastian
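
A triage helper for the log lines quoted in the message above, added here as an example; it is not part of the original post or of Dovecot. It assumes the `where=` field is OpenSSL's info-callback bitmask (constants from `<openssl/ssl.h>`), and the function names are hypothetical.

```python
import re

# OpenSSL info-callback bits from <openssl/ssl.h>.
WHERE_BITS = [
    (0x1000, "SSL_ST_CONNECT"), (0x2000, "SSL_ST_ACCEPT"),
    (0x4000, "SSL_CB_ALERT"), (0x01, "SSL_CB_LOOP"),
    (0x02, "SSL_CB_EXIT"), (0x04, "SSL_CB_READ"),
    (0x08, "SSL_CB_WRITE"), (0x10, "SSL_CB_HANDSHAKE_START"),
    (0x20, "SSL_CB_HANDSHAKE_DONE"),
]

# Shape of the warnings quoted in the post (mail-wrapped lines re-joined).
SSL_WARNING = re.compile(
    r"(?P<service>[\w-]+): Warning: SSL(?: (?P<kind>failed|alert))?: "
    r"where=(?P<where>0x[0-9a-fA-F]+)(?:, ret=(?P<ret>-?\d+))?: "
    r"(?P<state>.*?) \[(?P<remote>[^\]]+)\]$"
)

def decode_where(where):
    """Names of the callback bits set in a where= value."""
    return [name for bit, name in WHERE_BITS if where & bit]

def parse_ssl_warning(line):
    """Parse one warning line into a dict, or None for any other line."""
    m = SSL_WARNING.search(line.strip())
    if m is None:
        return None
    return {
        "service": m["service"],
        "kind": m["kind"] or "info",
        "where": decode_where(int(m["where"], 16)),
        "ret": int(m["ret"]) if m["ret"] is not None else None,
        "state": m["state"],
        "remote": m["remote"],
    }

def hresult_hex(value):
    """Outlook logs hr= as unsigned decimal; error references use hex."""
    return "0x%08X" % (value & 0xFFFFFFFF)

# Sample lines taken from the post, with the mail line wrapping undone.
SAMPLE = [
    "May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_ssl_warning(line))
    print(hresult_hex(2148322330))
```

For the quoted lines, `where=0x2002` decodes to `SSL_ST_ACCEPT | SSL_CB_EXIT`, meaning the server-side handshake call returned while in the logged state, and the Outlook `hr` value is `0x800CCC1A` in hex.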

