[Dovecot] help debugging TLS
Richard
openmacnews at gmail.com
Wed Aug 16 17:29:09 EEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi,
i've built dovecot latest cvs on OSX 10.4.7. i'm making a 1st attempt @
trying/failing to get TLS operation up-n-running ...
my install's OK:
Install prefix ...................... : /usr/local/dovecot
File offsets ........................ : 64bit
I/O loop method ..................... : poll
File change notification method ..... : kqueue
Building with SSL support ........... : yes (OpenSSL)
Building with IPv6 support .......... : no
Building with pop3 server ........... : yes
Building with mail delivery agent .. : yes
Building with GSSAPI support ........ : no
Building with user database modules . : static prefetch passwd
passwd-file checkpassword sql (modules)
Building with password lookup modules : passwd passwd-file pam
checkpassword sql (modules)
Building with SQL drivers ............: mysql
NOTE: This is the UNSTABLE development branch of Dovecot.
You may want to change into the stabilizing branch:
cvs up -r branch_1_0
i've config'd for ssl/tls w/:
...
listen = 10.0.0.6
ssl_listen = 10.0.0.6
ssl_disable = no
verbose_ssl = yes
auth_verbose = yes
auth_debug = yes
disable_plaintext_auth = no
ssl_cert_file =
/var/MailServer/Data/CERTS/mail.testdomain.com.cert.rsa.pem
ssl_key_file =
/var/MailServer/Data/CERTS/mail.testdomain.com.privkey.rsa.pem
ssl_ca_file = /var/MailServer/Data/CERTS/main.CA.cert.rsa.pem
ssl_verify_client_cert = no
ssl_parameters_regenerate = 24
ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
17 ...
after launch:
% ps -ax | grep -i dovecot
14034 ?? Ss 0:11.61 /usr/local/dovecot/sbin/dovecot -c
/var/MailServer/Conf/Dovecot/dovecot.conf
14035 ?? S 0:17.00 dovecot-auth
on test via telnet, i see:
% telnet 10.0.0.6 143
Trying 10.0.0.6...
Connected to mail.testdomain.com.
Escape character is '^]'.
* OK mail.testdomain.com Dovecot IMAP4 v1.0cvs server ready
1 capability
* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
1 OK Capability completed.
...
but, a test with:
% openssl s_client -connect 10.0.0.6:143
fails & reports, simply:
CONNECTED(00000003)
14282:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:567:
i'm migrating from cyrus where this simple testing returns correctly w/o
error.
unclear, atm, whether there's something in dovecot, or in my testing,
not working ...
suggestions?
thanks,
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iEYEAREDAAYFAkTjK7UACgkQlffdvTZxCMbisgCggspE05II6KCAik5dfvoHtSyI
1PgAn2ErKP0xGfRAlwMrzyavstIw02a7
=kWXI
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list