[Dovecot] help debugging TLS

Richard openmacnews at gmail.com
Wed Aug 16 17:29:09 EEST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi,

i've built dovecot latest cvs on OSX 10.4.7.  i'm making a 1st attempt @
trying/failing to get TLS operation up-n-running ...

my install's OK:

	Install prefix ...................... : /usr/local/dovecot
	File offsets ........................ : 64bit
	I/O loop method ..................... : poll
	File change notification method ..... : kqueue
	Building with SSL support ........... : yes (OpenSSL)
	Building with IPv6 support .......... : no
	Building with pop3 server ........... : yes
	Building with mail delivery agent  .. : yes
	Building with GSSAPI support ........ : no
	Building with user database modules . : static prefetch passwd
passwd-file checkpassword sql (modules)
	Building with password lookup modules : passwd passwd-file pam
checkpassword sql (modules)
	Building with SQL drivers ............: mysql

	NOTE: This is the UNSTABLE development branch of Dovecot.
	You may want to change into the stabilizing branch:
	  cvs up -r branch_1_0

i've config'd for ssl/tls w/:

	...
	listen =     10.0.0.6
	ssl_listen = 10.0.0.6
	ssl_disable = no

	verbose_ssl = yes
	auth_verbose = yes
	auth_debug = yes

	disable_plaintext_auth = no

	ssl_cert_file =
/var/MailServer/Data/CERTS/mail.testdomain.com.cert.rsa.pem
	ssl_key_file =
/var/MailServer/Data/CERTS/mail.testdomain.com.privkey.rsa.pem
	ssl_ca_file =    /var/MailServer/Data/CERTS/main.CA.cert.rsa.pem

	ssl_verify_client_cert = no
	ssl_parameters_regenerate = 24
	ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
17	...


after launch:

	% ps -ax | grep -i dovecot
		14034  ??  Ss     0:11.61 /usr/local/dovecot/sbin/dovecot -c
/var/MailServer/Conf/Dovecot/dovecot.conf
		14035  ??  S      0:17.00 dovecot-auth


on test via telnet, i see:


	% telnet 10.0.0.6 143
		Trying 10.0.0.6...
		Connected to mail.testdomain.com.
		Escape character is '^]'.
		* OK mail.testdomain.com Dovecot IMAP4 v1.0cvs server ready
	1 capability
		* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
		1 OK Capability completed.
		...


but, a test with:

	% openssl s_client -connect 10.0.0.6:143

fails & reports, simply:

	CONNECTED(00000003)
	14282:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:567:


i'm migrating from cyrus where this simple testing returns correctly w/o
error.

unclear, atm, whether there's something in dovecot, or in my testing,
not working ...

suggestions?

thanks,

richard



- --

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iEYEAREDAAYFAkTjK7UACgkQlffdvTZxCMbisgCggspE05II6KCAik5dfvoHtSyI
1PgAn2ErKP0xGfRAlwMrzyavstIw02a7
=kWXI
-----END PGP SIGNATURE-----

More information about the dovecot mailing list