Re: [Dovecot] STARTTLS problem

3 Feb 2011

      Hi Timo,
From other server:
gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...

Simple Client Mode:

OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
9 starttls
9 OK Begin TLS negotiation now.
*** Starting TLS handshake

Ephemeral Diffie-Hellman parameters
Using prime: 1032 bits
Secret key: 1016 bits
Peer's public key: 1024 bits

Certificate type: X.509
Got a certificate list of 1 certificates.

Certificate[0] info:

The hostname in the certificate does NOT match 'ip'.

Server log:
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x10,
ret=1: before/accept initialization [83.170.89.109]
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: before/accept initialization [83.170.89.109]
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv2/v3 read client hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write key exchange A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server done A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client key exchange A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read certificate verify A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read finished A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write change cipher spec A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write finished A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x20,
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=256: warning close notify [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.170.89.109, lip=109.200.5.221, TLS: Disconnected
Same error in thunderbird :(
Feb  2 22:12:44 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected
Regards,
Lucas
On 02/02/2011 23:03, Timo Sirainen wrote:
...
On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote:
...
Same error:
gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...

Simple Client Mode:

OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
9 STARTTLS
9 OK Begin TLS negotiation now.

*** Starting TLS handshake
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
Try connecting from localhost. Maybe you have a broken proxy/firewall in
the middle.