[Dovecot] ssl still not working

Timo Sirainen tss at iki.fi
Mon May 19 15:50:56 EEST 2003


On Thu, 2003-05-15 at 14:25, Farkas Levente wrote:
> hi,
> I'm just download the latest cvs and try to use imaps. in mozilla I've 
> got the following message window:
> -----------------------------
> mail.int.bppiac.hu received a message with incorrect Message 
> Authentication Code. If the error occurs frequently, contact the website 
> administrator.
> -----------------------------
> and there is only one OK button:-)
> and this happens always. what can be the reason and what can I do?
> thanks.

If you set verbose_ssl = yes, I guess you'll see something like this in
log file:

imap-login: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

I'm beginning to think that this has something to do with RSA keys ..
because I don't provide it large enough RSA key and I don't create any
temporary RSA keys. Or maybe the same with DH keys.

I wish someone with more understanding on SSL protocol wrote the SSL
stuff to Dovecot :) I can only guess how they probably work.

My guess is that I should either generate a new temporary RSA key when
it's asked (which I think would be very slow since every session might
create new one) or that I pregenerated a few keys with specific sizes
(512 and 1024bits?) and used only them, or let login process signal
master process that we need a new key with bit size xyz, then wait for
master process to create it and let all the new processes use it. I
think the last one would work best.



More information about the dovecot mailing list