Hi!
My question is: can dovecot be used to debug/decrypt TLS sessions?
The reason I'm asking:
A custom application wants to speak IMAP with TLS with a dovecot instance.
It fails, and the error message is, unfortunately, not very helpful. tcpdump shows that the session is established, but fails. The custom application says error 60000, not much more.
There is a way to decode TLS sessions in some cases:
https://wiki.wireshark.org/TLS
using firefox and the environment variable SSLKEYLOGFILE.
Basically, the TLS client (firefox), while negotiating keys with the other side, writes those keys to a logfile specified by SSLKEYLOGFILE and at the same time, wireshark is used to capture / write the pcap of the session.
Then wireshark can be used to decode the contents of the TLS-encrypted session.
Is something similar possible with dovecot as the server and from the server side?
Is, by chance, the session=<...> value already such a key so that a tcpdump pcap file would be able to decrypt that session?
Sep 29 08:51:30 imap-login: Info: Login: user=<someuser>, method=PLAIN, rip=<someip>, lip=<someotherip>, mpid=63667, TLS, session=<GGF0Nm6wxy0qAQHoAAMAAwAAAAAAAAAB>
-- pi@opsec.eu +49 171 3101372 Now what ?
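Added example, not from the original post or from Dovecot: a parser for the key log file format (NSS Key Log Format) that SSLKEYLOGFILE produces and Wireshark consumes, indexing entries by the 32-byte ClientHello random that Wireshark uses to pair a logged secret with a captured session, plus a size check showing that the base64 session=<...> token above decodes to 24 bytes, which is neither a client random (32 bytes) nor a TLS 1.2 master secret (48 bytes). The sample key log is constructed with placeholder hex, not real secrets.

```python
# Parser for the SSLKEYLOGFILE (NSS Key Log Format) that Wireshark reads. Wireshark pairs
# each line with a captured session via the ClientHello random, so the pcap needs the handshake.
import base64
import re
from collections import defaultdict

CLIENT_RANDOM_LEN = 32        # bytes of ClientHello.random, the key of every line
MASTER_SECRET_LEN = 48        # CLIENT_RANDOM lines carry the TLS 1.2 master secret
TLS13_SECRET_LENS = {32, 48}  # TLS 1.3 secrets are hash-length (SHA-256 / SHA-384)
TLS13_LABELS = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_keylog(text):
    """Return {client_random_hex: {label: secret_hex}}; raise ValueError on bad lines."""
    sessions = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        parts = line.split()
        if len(parts) != 3 or not all(HEX.match(p) for p in parts[1:]):
            raise ValueError(f"line {lineno}: expected '<label> <client_random> <secret>' in hex")
        label, client_random, secret = parts
        if len(client_random) != 2 * CLIENT_RANDOM_LEN:
            raise ValueError(f"line {lineno}: client random must be 32 bytes")
        if label == "CLIENT_RANDOM":
            valid = len(secret) == 2 * MASTER_SECRET_LEN
        elif label in TLS13_LABELS:
            valid = len(secret) // 2 in TLS13_SECRET_LENS
        else:
            raise ValueError(f"line {lineno}: unknown label {label!r}")
        if not valid:
            raise ValueError(f"line {lineno}: wrong secret length for {label}")
        sessions[client_random.lower()][label] = secret.lower()
    return dict(sessions)

def could_be_keylog_material(token_b64):
    """True if a base64 token decodes to the size of a client random or master secret."""
    raw = base64.b64decode(token_b64 + "=" * (-len(token_b64) % 4))
    return len(raw) in (CLIENT_RANDOM_LEN, MASTER_SECRET_LEN)

# Constructed sample: one TLS 1.2 and one TLS 1.3 session, repeated-byte placeholders.
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "bb" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "cc" * 32 + " " + "01" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "03" * 32,
])
```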