Timo Sirainen wrote:
On Thu, 2003-05-15 at 14:25, Farkas Levente wrote:
hi, I'm just download the latest cvs and try to use imaps. in mozilla I've got the following message window:
mail.int.bppiac.hu received a message with incorrect Message Authentication Code. If the error occurs frequently, contact the website administrator.
and there is only one OK button:-) and this happens always. what can be the reason and what can I do? thanks.
If you set verbose_ssl = yes, I guess you'll see something like this in log file:
imap-login: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
I'm beginning to think that this has something to do with RSA keys .. because I don't provide it large enough RSA key and I don't create any temporary RSA keys. Or maybe the same with DH keys.
I wish someone with more understanding on SSL protocol wrote the SSL stuff to Dovecot :) I can only guess how they probably work.
My guess is that I should either generate a new temporary RSA key when it's asked (which I think would be very slow since every session might create new one) or that I pregenerated a few keys with specific sizes (512 and 1024bits?) and used only them, or let login process signal master process that we need a new key with bit size xyz, then wait for master process to create it and let all the new processes use it. I think the last one would work best.
here is the result:
imap-login: May 21 10:35:39 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [192.168.0.50] imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50] imap-login: May 21 10:35:39 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [192.168.0.50] imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50] imap-login: May 21 10:35:39 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [192.168.0.50] imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50] imap-login: May 21 10:35:43 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [192.168.0.50] imap-login: May 21 10:35:43 Info: Disconnected [192.168.0.50] imap-login: May 21 10:35:43 Warning: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac [192.168.0.50] imap-login: May 21 10:35:43 Info: Disconnected [192.168.0.50]
this is with the latest patch (it's actualy the today cvs version). I don't use dovecot's generated certs, I manualy generate certificate for all of our services https, imaps, vpn... with one common global CA for the whole company. ssl still not working.
-- Levente "Si vis pacem para bellum!"