Luigi Rosa wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, I have a dual stack server with Dovecot 2.1.10 listening on v4 and v6
Dovecot has a Comodo SSL certificate issued via NameCheap that works as expected with IPv4
in 10-ssl.conf I have enabled these configuraction directives:
ssl = yes ssl_cert =< /path/to/file.crt ssl_key =< /path/to/file.key ssl_parameters_regenerate = 202 hours
If I connect to Dovecot using the IPv6 address of the server with Thunderbird 15.0.1 uising CRAM-MD5 averything is ok. If I enable SSL _and_ IPv6 on Thunderbird I get this error: How do you enable this in Thunderbird? If by "enabling IPv6" you mean you put in the IPv6 address in stead of the hostname, that's probably where you're wrong. The certificate contains your hostname, not the IP-address so the hostname verification check fails if you insert the IPv6 address (i.e. hostname.tld != 2001:470:1f09:203:fdbf:508e:4a29:56c5so your connection fails). I've verified this by changing the hostname to IPv6 in Thunderbird and got the same error as you do. You would get the same error if you configure the IPv4 address in TB. Oct 5 20:05:04 mail dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=2001:470:1f09:203:fdbf:508e:4a29:56c5, lip=2001:470:1f09:203::badd:ecaf, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<ZcMRtlPLqgAgAQRwHwkCA/2/UI5KKVbF> This is a valid connection when I use the hostname:
2012-10-04T18:07:51.614187+02:00 mail dovecot: imap-login: Login: user=<user@domain>, method=CRAM-MD5, rip=yyyy:yyyy:::yyyy, lip=xxxx:xxxx:::xxxx, mpid=58179, TLS, TLSv1 with cipher RC4-MD5 (128/128 bits)
Configure your DNS so your hostname points to both the IPv6 and IPv4 address. Your client will take take whichever protocol is preferred (IPv4 or IPv6).
Rgds, N.
Ciao, luigi
/ +--[Luigi Rosa]-- \
I will tell you a great secret, Captain. Perhaps the greatest of all time. The molecules of your body are the same molecules that make up this station and the nebula outside, that burn inside the stars themselves. We are star stuff, we are the universe made manifest, trying to figure itself out. As we have both learned, sometimes the universe requires a change of perspective." --Delenn, "Distant Star", Babylon 5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla -http://www.enigmail.net/
iEYEARECAAYFAlBvI50ACgkQ3kWu7Tfl6ZRBSACfRkp4FYpWaEZUQhIh0t6Vfs/I JbcAoKGZ769yogYS7faCXKvPTuhQiHA8 =jxCB -----END PGP SIGNATURE-----