On 10/09/2013 10:31 PM, Reindl Harald wrote:
On 09.10.2013 21:27, Eliezer Croitoru wrote:
On 09/13/2013 02:59 PM, Dan Langille wrote:
*** /var/log/maillog ***
Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=<a7AJd0LmWwCmiVQL>
How about trying to use a username to identify the user? It is very clear that there is nothing that the client tries to do...
it is much more clear that there is no username if the client refuses the SSL handshake because it does not like the cert or the offered ssl-ciphers
user=<> is pretty normal in a lot of cases
- ssl cert not accepted and not allowed by the user in case of untrusted
- no cipher the client accepts
- no auth-mech the client accepts offered by the server
so how do *you* imagine to see a username in the log?
I expect that StarSSL will put good configuration examples for Apache, Postfix, Dovecot, Exim, nginx and more. This way their service would give much more... I am just still unsure how long it would take to write the docs that explain all of the above: there is an SSL hierarchy and StarSSL uses this hierarchy, which you need to understand, and then the next thing to do is to answer a question or two to make sure you understand that everything is OK with the service etc.
A basic openssl client into an SSL port should be sufficient, but in the case of a special client that verifies a two-way key it's another story.
Hope there was a solution in the upper part of the thread.
Eliezer
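
Added example, not part of any message in this thread: a small Python log classifier that separates disconnects occurring during the TLS handshake (where user=<> is expected, as discussed above) from disconnects after an authentication attempt. The function name `classify`, the event field names and the third sample log line are assumptions constructed for illustration; the first two lines are the maillog excerpt quoted in the thread.

```python
import re

# First two lines: the maillog excerpt quoted in the thread.
# Third line: constructed for contrast (documentation IP, made-up user and session).
SAMPLE_LOG = """\
Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=<a7AJd0LmWwCmiVQL>
Sep 13 11:52:10 imaps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.10, lip=199.233.228.197, TLS, session=<constructedSession1>
"""

SSL_WARN = re.compile(
    r"imap-login: Warning: SSL failed: where=(0x[0-9a-fA-F]+): (.*) \[([^\]]+)\]$")
DISCONNECT = re.compile(
    r"imap-login: Disconnected \(([^)]*)\): user=<([^>]*)>, (.*)$")
RIP = re.compile(r"rip=([^,]+)")


def classify(log_text):
    """Return one dict per disconnect, labelled by the phase in which it happened."""
    last_ssl_state = {}  # remote IP -> most recent handshake state from an SSL warning
    events = []
    for line in log_text.splitlines():
        warn = SSL_WARN.search(line)
        if warn:
            last_ssl_state[warn.group(3)] = warn.group(2)
            continue
        disc = DISCONNECT.search(line)
        if not disc:
            continue
        reason, user, rest = disc.groups()
        rip_match = RIP.search(rest)
        rip = rip_match.group(1) if rip_match else None
        if "TLS handshaking" in rest:
            phase = "tls-handshake"   # no IMAP command was ever sent, so no username exists
        elif user == "":
            phase = "pre-auth"        # connected but never attempted to log in
        else:
            phase = "auth"            # a login was attempted with this username
        events.append({
            "rip": rip,
            "user": user or None,
            "phase": phase,
            "reason": reason,
            # Attach the handshake state only to handshake-phase disconnects.
            "ssl_state": last_ssl_state.pop(rip, None) if phase == "tls-handshake" else None,
        })
    return events
```
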