3 Feb
2011
3 Feb
'11
12:03 a.m.
Hi Timo again,
It works right now, but only in command line approach:gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'...
- Simple Client Mode:
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 1 starttls 1 OK Begin TLS negotiation now. *** Starting TLS handshake
Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1023 bits
- Peer's public key: 1021 bits
Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject
C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP server,CN=imap.client.com,EMAIL=postmaster@client.com', issuerC=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP server,CN=imap.client.com,EMAIL=postmaster@client.com', RSA key 1024 bits, signed using RSA-SHA, activated2011-02-02 18:46:20 UTC', expires2021-01-30 18:46:20 UTC', SHA-1 fingerprint `17861d69831182042fbc1544a30cf33c4059ff06'
The hostname in the certificate does NOT match 'client'
Thunderbird loops "Checking mail server capabilities" for ever. server log: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [83.61.13.57] Feb 2 22:01:55 s13 dovecot: imap-login: Disconnected (no auth attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected
Any other suggestion?
Thank you, Lucas
On 02/02/2011 22:16, Timo Sirainen wrote:
On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote:
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. *** Starting TLS handshake
You're starting it too early. Give "x starttls" command first.