On 07.05.2014 21:15, Sebastian Goodrick wrote:
Hello
I recently upgraded to dovecot 2.1.7 (as supplied with Debian Wheezy). All clients work as expected except for Outlook (2013 & 2010) on Win8 with an SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on Win 7 work fine. On my previous dovecot version 1.2.13 all clients worked.) As far as I understand, one difference is the support for TLS1.2 and SSL3. And on the client side Win8 is now connecting through the Microsoft Unified Security Protocol Provider.
My logs show these issues:
Dovecot:
May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x]
May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect

Outlook 2013 (contains German, translation in []):
IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143 hergestellt. [A connection to port 143 is established with 'mail.xxx.de']
[snip]
IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de
[snip]
IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login capabilities have more.
IMAP: 12:30:02 [tx] ekum STARTTLS
IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3
IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now.
IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider' wird eine sichere Verbindung ausgehandelt. [A secure connection is negotiated with 'Microsoft Unified Security Protocol Provider']
IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2
IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde geschlossen. [Connection to 'mail.xxx.de' has been closed.]
IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5
IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem Server hergestellt werden.", hr=2148322330 [Can't establish a secure connection with the server.]
My settings for ssl_protocols and ssl_cipher_list are empty. Since it works with most clients, I assume no broken certificates or my dovecot configuration. The connection fails at the TLS/SSL handshake. Has anyone seen this behaviour, too? Is there a setting (for ssl_protocols and ssl_cipher_list) to support Outlook on Win8?
Thanks, Sebastian
Before doing more analysis, triple-check there are no auth problems with your setup. Your log does not look like this, but don't ever trust Microsoft logs and its mysticals; check the dove log too for auth problems. As ever, shut down any antivirus, IMAP proxies, firewalls too for testing.
Set dove debug ssl max verbose; perhaps use Wireshark etc. too.
from http://forum.mailtraq.com/viewtopic.php?f=7&t=1913
... I have been diagnosing the problem with Windows 8 and we think it has been identified, although we are still waiting for confirmation from Microsoft. It appears that Microsoft have changed the TLS security protocol requirements in the Unified Security Protocol Provider that ships with Windows 8. ...
some other stuff
http://technet.microsoft.com/de-de/office/aa374757%28v=vs.71%29
http://technet.microsoft.com/de-de/office/bb870930%28v=vs.71%29
http://support.microsoft.com/kb/245030
Perhaps I will run my own tests tomorrow and report again.
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
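
An added example, not part of the original thread: a small triage script for the imap-login lines quoted above. It decodes the `where=` mask using the OpenSSL info-callback flag values from ssl.h and groups failed handshakes by remote IP and handshake state. The function names and the `SAMPLE` list (copied from the post's masked log lines) are assumptions of this example.

```python
import re
from collections import Counter

# OpenSSL info-callback flag values (ssl.h); dovecot logs the raw mask as where=0x...
WHERE_BITS = {
    0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
    0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
    0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT",
}
SSL_RE = re.compile(
    r"imap-login: Warning: SSL(?P<failed> failed)?: where=(?P<where>0x[0-9a-fA-F]+)"
    r"(?:, ret=(?P<ret>-?\d+))?: (?P<state>.+?) \[(?P<rip>[^\]]+)\]$")
DISC_RE = re.compile(
    r"imap-login: Info: Disconnected \(no auth attempts.*?rip=(?P<rip>[^,]+),"
    r".*TLS handshaking")

def decode_where(mask):
    """Return the names of the callback flags set in mask, high bits first."""
    return [name for bit, name in sorted(WHERE_BITS.items(), reverse=True)
            if mask & bit]

def triage(lines):
    """Count 'SSL failed' events per (remote ip, handshake state, decoded where)."""
    failures, dropped = Counter(), set()
    for line in lines:
        m = SSL_RE.search(line.strip())
        if m:
            if m.group("failed"):
                flags = "|".join(decode_where(int(m.group("where"), 16)))
                failures[(m.group("rip"), m.group("state"), flags)] += 1
            continue
        d = DISC_RE.search(line)
        if d:
            dropped.add(d.group("rip"))
    # Keep only failures whose peer was also disconnected during TLS handshaking.
    return {k: n for k, n in failures.items() if k[0] in dropped}

# Sample input: the log lines from the post, with the IPs masked as posted.
SAMPLE = [
    "May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect",
]

if __name__ == "__main__":
    for (rip, state, flags), n in triage(SAMPLE).items():
        print(f"{rip}: {n} failed handshake(s) in state '{state}' ({flags})")
```

For the posted lines, `where=0x2002` decodes to ACCEPT|EXIT: the server-side handshake routine returned with an error (`ret=-1`) while in the state named in the log line.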