Am 09.10.2013 21:06, schrieb Dan Langille:
On Oct 6, 2013, at 5:06 PM, Reindl Harald wrote:
and mail.app is working even with *self signed* certificates and dovecot 2.2 you only have to accept / import the certificate proven by a testserver all day long
It seems that the test server is not testing this particular situation.
it is not the servers job to accept the cert the particular server makes it even harder as defaults
ssl_cipher_list = EECDH-AES256:EECDH-AES:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-AES256:EDH-AES128:EDH-AES:EECDH-RC4:DHE-RC4:EDH-RC4:AES256-SHA:AES128-SHA:TLSv1+HIGH:HIGH:RC4+MEDIUM:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2:!PSK:@STRENGTH ssl_prefer_server_ciphers = yes
so i assume the problem exists between chair and keyboard
Turns out, this assumption is incorrect.
Just saying
imap-login: OK: imap@testserver.rhsoft.net, 91.118.73.200, CRAM-MD5, TLSv1 with cipher DHE-RSA-AES256-SHA
- dovecot 2.2.6 / openssl-1.0.1e
- self signed certificate
- 4096 Bit (recently changed from 2048 bit and had to be again accepted by the user)
- Apple OSX Mail.app
it's not the job of the server to accept the cert period