[Dovecot] Trying to explain mutt+dovecot(ssl) to myself :(
Hi all,
I have recently migrated my mail from courier-imap to dovecot. In doing so, I finally configured mutt to connect to imaps (SSL).
In the end I got it all working. I then sat back and thought: "I kinda don't understand the SSL/TLS part even though it works". And I hate setting stuff up and not truly understanding the mechanics of it.
So I started to write about it and am stuck. Can those that _understand_ mutt+ssl have a read of what I wrote to myself and give me your $00.02 worth (corrections etc).
Trying to explain mutt+ssl and getting it all wrong
---------------------------------------------------
* mutt (with openssl support built in) initiates with a "SSL-Client-Hello" to SSL on port 993, i.e. mutt's capabilities (algorithms, SSL version etc).
* dovecot:993 compares mutt's CipherSuites with its own. Of the CipherSuites mutt and dovecot have in common, dovecot:993 chooses the _most_ secure algorithm.
* dovecot:993 will then tell mutt what it has decided to use and assigns a unique session ID. From now on all communication is via this ID.
* Now that the CipherSuite is set between mutt and dovecot, dovecot sends its SSL certificate to mutt [/usr/local/share/dovecot/certs/dovecot.pem]. mutt then uses dovecot's corresponding public key [/usr/local/share/dovecot/private/dovecot.pem] to verify that the certificate is authentic.
* once mutt has verified that the certificate is authentic
... and here I got unstuck.
Cheers
-aW
IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.
Wilkinson, Alex wrote:
> So I started to write about it and am stuck. Can those that _understand_ mutt+ssl have a read of what I wrote to myself and give me your $00.02 worth (corrections etc).
Just connect to your IMAP server using openssl.
openssl s_client -connect mailserver:993 (optionally with -msg for protocol messages)
It will give you most things you need. Otherwise just study some SSL protocol documentation, and you should be able to figure out how SSL generally works.
> IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.
Yeah, right.
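The handshake walked through in the first post, and the "just connect with openssl s_client" suggestion in the reply, as an added Python example that is not code from either poster: it builds the verifying client context a mailer like mutt needs, does the TLS handshake against an IMAPS port, and reports the negotiated version, cipher suite and server certificate. The host name and CA path are placeholders (assumed values, not a real server); the client side only ever needs a trusted CA certificate, never the server's private key.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed values for this example; substitute your own server and CA bundle.
IMAPS_HOST = "mail.example.invalid"   # hypothetical host name, not a real server
IMAPS_PORT = 993
CA_FILE = None                        # CA that signed the server cert; None = system trust store

def make_client_context(cafile=None):
    """Build the verifying TLS context a client such as mutt needs.

    The client never holds the server's private key: it checks the certificate
    against a CA it already trusts (cafile or the system store) and the host name.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED      # refuse servers whose cert does not verify
    ctx.check_hostname = True                # the cert must name the host we dialled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def summarize_peer_cert(cert):
    """Pull the fields worth eyeballing out of an ssl getpeercert() dict."""
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "common_name": subject.get("commonName"),
        "dns_names": dns_names,
        "expires": expiry.isoformat(),
        "expired": expiry < datetime.now(tz=timezone.utc),
    }

def probe_imaps(host=IMAPS_HOST, port=IMAPS_PORT, cafile=CA_FILE):
    """Run the handshake and report what was negotiated, much like openssl s_client."""
    ctx = make_client_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:   # ClientHello happens here
                banner = tls.recv(256)             # IMAP "* OK" greeting, sent only after the handshake
                return {
                    "version": tls.version(),      # protocol version the server agreed to
                    "cipher": tls.cipher()[0],     # suite it picked from the ones we offered
                    "cert": summarize_peer_cert(tls.getpeercert()),
                    "banner": banner.decode(errors="replace").strip(),
                }
    except ssl.SSLCertVerificationError as e:
        return {"error": f"certificate not trusted: {e.verify_message}"}
```

Point `CA_FILE` at the CA that signed your dovecot certificate (the same thing mutt's `certificate_file` holds) and `probe_imaps()` returns the negotiated suite and the certificate summary, or the verification error if the chain is not trusted.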
participants (2)
-
Johnny Chadda
-
Wilkinson, Alex