-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
hi thorbjorn,
On port 143 you have an imap with starttls, i.e. plaintext until STARTTLS has been issued. Unfortunately openssl s_client (not mine at least) support imap (only smtp and pop3), but for smtp I would use something like this
i honestly did not realize that imap was not supported! but, you are absolutely correct:
-starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot' defines which one to assume. Currently, only "smtp" and "pop3" are supported.
thanks for the heads-up.
You should have an imap with ssl/tls on port 993, however.
and, checking:
% openssl s_client -connect 10.0.0.6:993 CONNECTED(00000003) depth=1 /C=US/ST= (blah blah) verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/CN=mail.testdomain.com i:/C=US/ST= (blah blah) 1 s:/C=US/ST= (blah blah) i:/C=US/ST= (blah blah) --- Server certificate -----BEGIN CERTIFICATE----- MIIEw...xjEQ/g9v -----END CERTIFICATE----- subject=/CN=mail.testdomain.com issuer=/C=US/ST= (blah blah) --- No client certificate CA names sent --- SSL handshake has read 3263 bytes and written 346 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 86A0...AE9CD Session-ID-ctx: Master-Key: 5475...23E48 Key-Arg : None Start Time: 1155742073 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- * OK mail.testdomain.com Dovecot IMAP4 v1.0 server ready
which, except for that "verify error" (which i'll straighten out here in a bit ... ) seems to be exactly what i'd expect.
thanks!
richard
/"
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin)
iEYEAREDAAYFAkTjOpIACgkQlffdvTZxCMZoZACgtVUmYb8BHXe8ktX3lTlCGNXQ LVIAoJBc9fq8oOdPITpCjOdxO4ZBP7Zd =JKL9 -----END PGP SIGNATURE-----