-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello
I recently upgraded to dovecot 2.1.7 (as supplied with Debian Weezy). All clients work as expected except for Outlook (2013 &2010) on Win8 with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on Win 7 works fine. On my previous dovecot version 1.2.13 all clients worked.) As far as I understand, one difference is the support for TLS1.2 and SSL3. And on the client side Win8 is now connecting through the Microsoft Unified Security Protocol Provider.
My logs show these issues:
Dovecot: May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect
Outlook 2013 (contains German, translation in []): IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143 hergestellt. [A connection to port 143 is established with 'mail.xxx.de'] [snip] IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de [snip] IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login capabilities have more.IMAP: 12:30:02 [tx] ekum STARTTLS IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3 IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now. IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider' wird eine sichere Verbindung ausgehandelt. [A secure connection is negotiated with 'Microsoft Unified Security Protocol Provider'] IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2 IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde geschlossen. [Connection to 'mail.xxx.de' has been closed.] IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5 IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem Server hergestellt werden.", hr=2148322330 [Can't establish a secure connection with the server.]
My settings for ssl_protocols and ssl_cipher_list are empty. Since it works with most clients, I assume no broken certificates or my dovecot configuration. The connection fails at the TLS/SSL handshake. Has anyone seen this behaviour, too? Is there a setting (for ssl_protocols and ssl_cipher_list) to support Outlook on Win8?
Thanks, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlNqhkwACgkQR7+YB0QzbnqEFQCdHBPPpFB/pqgZ9FR81h/vcGy5 hkoAn2iuq+AUwQCN3yEtGIWuPAfpm2bs =WrvL -----END PGP SIGNATURE-----