On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
> On 21.05.2014 19:47, Sebastian Goodrick wrote:
>> I just installed the (rapid-ssl) certificate and it works now. Needless to say that I don't understand it. The old certificate worked with all other clients but win8/outlook, plus the old dovecot install worked with win8/outlook as well. I am struggling with the same issue for some time now: win8/outlook isn't able to connect to dovecot 2.2.9 (from Debian/backports); the error on the outlook side of things is 0x800CCC0E which is really helpful.
The suggestion to disable TLSv1.2 on the windows side is dangerous: win8/8.1 requires TLSv1.2 for downloading updates -- no TLSv1.2, no updates. If absolutely necessary, disable TLSv1.2 on the dovecot side of things!
I decided to do some additional debugging by running 'openssl s_server' on the imap server with the very same certificates and settings (as far as it is possible with s_server) on a different port, changed the port in outlook and manually proxied the imap requests through: That way outlook works just fine:
openssl s_server -tls1_2 -accept 8993 -cert /etc/dovecot/my.crt
-key /etc/dovecot/private/my.key -serverpref -cipher '...(*)'
-dhparam /root/group16.pem
(group16.pem contains 4096bit DH params that are standardized; on the dovecot side, the dhparam length is set to 4096bit as well)
The very same thing happens with two different classes of ciphers: ECDHE-RSA-AES256-SHA (which is what win8/outlook used to use before the last update) and with DHE-RSA-AES256-GCM-SHA384 (which was just recently added by the last update by Microsoft). So neither EC nor DHE cause any changes in the behavior (as I was suspecting dovecot's dh params for some time).
I think something in the handshake doesn't work the way it should and causes ms crypto api (v6.3 and v6.2) to just close the connection after handshake (a packet capture just shows the client sends a RST after key exchange).
> there were some bugfixes with certificates (windows) but that should not impact brand new installs with full recent patch level

AFAIK new (pretty cool) ciphers were introduced and I don't see how the issue can be solved by changing the certificate: I used a cert from CACert and a cert signed by my own CA -- both resulting in a non-working connection between dovecot and outlook on win8(.1). However, using the very same certificate with OpenSSL's s_server, the connection worked just fine (as did disabling TLSv1.2) -- both indicators that the certificates are just fine.
The only thing I can imagine that EC and DHE have in common are some SSL extensions like session tickets (which outlook tried to use). Here are the details of the session outlook established with s_server:

openssl sess_id -text -in param
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : C014   ## this is ECDHE-RSA-AES256-SHA
or:
    Cipher    : 009F   ## this is with DHE-RSA-AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx: 01000000
    Master-Key: (...)
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1403774959
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
I hope someone can help me/us out here!
Thanks!
-- Adi
(*) see https://bettercrypto.org for a usable cipher string...
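Since the same certificate and cipher work with s_server but not with dovecot, the next thing to compare is what each server actually puts in its ServerHello (chosen suite, and which of the client's extensions it answers, session_ticket among them). The Python below is an added example for that comparison; it is not code from this thread, from dovecot or from OpenSSL. It parses a ClientHello or ServerHello out of a raw TLS record and diffs two ServerHellos field by field. The three records at the bottom are constructed by hand to resemble an Outlook ClientHello and two candidate ServerHellos; they are not real captures, and the name tables only cover the suites the thread mentions plus a handful of common extensions (anything else is printed as its hex ID).

```python
# Added example (not from the thread, dovecot or OpenSSL): parse the Hello
# messages out of raw TLS records and diff what two servers answer with.
# The sample records at the bottom are constructed, not captured.
import struct

# Cipher suite IDs named in the thread (IANA values).
CIPHER_NAMES = {0xC014: "ECDHE-RSA-AES256-SHA", 0x009F: "DHE-RSA-AES256-GCM-SHA384"}
# Extension types that matter for ECDHE/DHE negotiation and resumption.
EXTENSION_NAMES = {0x0000: "server_name", 0x000A: "supported_groups",
                   0x000B: "ec_point_formats", 0x000D: "signature_algorithms",
                   0x0023: "session_ticket", 0xFF01: "renegotiation_info"}
VERSION_NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset; refuse to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated record at offset %d" % pos)
    return buf[pos:pos + n], pos + n

def _u16(buf, pos):
    raw, pos = _take(buf, pos, 2)
    return struct.unpack("!H", raw)[0], pos

def parse_extensions(data):
    """Walk a TLS extension vector: each entry is type(2) length(2) body."""
    names, pos = [], 0
    while pos < len(data):
        ext_type, pos = _u16(data, pos)
        ext_len, pos = _u16(data, pos)
        _body, pos = _take(data, pos, ext_len)
        names.append(EXTENSION_NAMES.get(ext_type, "0x%04x" % ext_type))
    return names

def parse_hello(record):
    """Parse one TLS record carrying a ClientHello (type 1) or ServerHello (type 2)."""
    hdr, pos = _take(record, 0, 5)
    content_type, _rec_version, rec_len = struct.unpack("!BHH", hdr)
    if content_type != 0x16:
        raise ValueError("not a handshake record (content type 0x%02x)" % content_type)
    hs, _ = _take(record, pos, rec_len)
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    if hs_type not in (1, 2):
        raise ValueError("not a Hello message (handshake type %d)" % hs_type)
    h, _ = _take(hs, 4, hs_len)
    version, p = _u16(h, 0)
    _random, p = _take(h, p, 32)
    sid_len, p = _take(h, p, 1)
    _session_id, p = _take(h, p, sid_len[0])
    if hs_type == 1:                        # ClientHello offers a vector of suites
        n, p = _u16(h, p)
        raw, p = _take(h, p, n)
        suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, n, 2)]
        comp_len, p = _take(h, p, 1)
        _comp, p = _take(h, p, comp_len[0])
    else:                                   # ServerHello names the one chosen suite
        suite, p = _u16(h, p)
        suites = [suite]
        _comp, p = _take(h, p, 1)
    extensions = []
    if p < len(h):                          # the extensions block is optional
        n, p = _u16(h, p)
        ext_data, p = _take(h, p, n)
        extensions = parse_extensions(ext_data)
    return {"type": "ClientHello" if hs_type == 1 else "ServerHello",
            "version": VERSION_NAMES.get(version, "0x%04x" % version),
            "cipher_suites": [CIPHER_NAMES.get(s, "0x%04x" % s) for s in suites],
            "extensions": extensions}

def diff_hellos(a, b):
    """Fields on which two Hello records disagree, as {field: (a_value, b_value)}."""
    pa, pb = parse_hello(a), parse_hello(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

# --- constructed sample records (not captures) ------------------------------
def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def _record(hs_type, hello_body):
    hs = bytes([hs_type]) + len(hello_body).to_bytes(3, "big") + hello_body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

_CLIENT_EXTS = (_ext(0x000A, struct.pack("!HH", 2, 0x0017))    # secp256r1
                + _ext(0x000B, b"\x01\x00")                    # uncompressed points
                + _ext(0x000D, struct.pack("!HH", 2, 0x0401))  # rsa_pkcs1_sha256
                + _ext(0x0023, b"")                            # empty ticket: please issue one
                + _ext(0xFF01, b"\x00"))
# Outlook-like ClientHello: TLSv1.2, the two suites from the thread, no session ID.
SAMPLE_CLIENT_HELLO = _record(1, b"\x03\x03" + bytes(32) + b"\x00"
                              + struct.pack("!H", 4) + b"\xc0\x14\x00\x9f"
                              + b"\x01\x00"
                              + struct.pack("!H", len(_CLIENT_EXTS)) + _CLIENT_EXTS)
# Two ServerHellos choosing ECDHE-RSA-AES256-SHA; only the second answers the
# session_ticket extension, so diff_hellos() flags exactly that difference.
_SRV_A = _ext(0xFF01, b"\x00") + _ext(0x000B, b"\x01\x00")
_SRV_B = _SRV_A + _ext(0x0023, b"")
SERVER_HELLO_NO_TICKET = _record(2, b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x14\x00"
                                 + struct.pack("!H", len(_SRV_A)) + _SRV_A)
SERVER_HELLO_WITH_TICKET = _record(2, b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x14\x00"
                                   + struct.pack("!H", len(_SRV_B)) + _SRV_B)
```

To use it on real traffic, pull the first handshake record each side sends out of a packet capture (or from the hex dump `openssl s_client -msg` prints) and pass the raw bytes to parse_hello(); diff_hellos(dovecot_server_hello, s_server_server_hello) then lists exactly where the two servers' answers to the same Outlook ClientHello differ.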