[Dovecot] help debugging TLS
Thorbjorn Axelsson
thax at cresis.ku.edu
Wed Aug 16 18:02:17 EEST 2006
On Aug 16, 2006, at 9:29 AM, Richard wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> hi,
>
> i've built dovecot latest cvs on OSX 10.4.7. i'm making a 1st attempt @
> trying/failing to get TLS operation up-n-running ...
>
<snip>
> i've config'd for ssl/tls w/:
>
> ...
> listen = 10.0.0.6
> ssl_listen = 10.0.0.6
> ssl_disable = no
>
> verbose_ssl = yes
> auth_verbose = yes
> auth_debug = yes
>
> disable_plaintext_auth = no
>
> ssl_cert_file = /var/MailServer/Data/CERTS/mail.testdomain.com.cert.rsa.pem
> ssl_key_file = /var/MailServer/Data/CERTS/mail.testdomain.com.privkey.rsa.pem
> ssl_ca_file = /var/MailServer/Data/CERTS/main.CA.cert.rsa.pem
>
> ssl_verify_client_cert = no
> ssl_parameters_regenerate = 24
> ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
> 17 ...
>
>
>
> on test via telnet, i see:
>
>
> % telnet 10.0.0.6 143
> Trying 10.0.0.6...
> Connected to mail.testdomain.com.
> Escape character is '^]'.
> * OK mail.testdomain.com Dovecot IMAP4 v1.0cvs server ready
> 1 capability
> * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
> UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS
> AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> 1 OK Capability completed.
> ...
>
>
> but, a test with:
>
> % openssl s_client -connect 10.0.0.6:143

On port 143 you have an imap with starttls, i.e. plaintext until
STARTTLS has been issued. Unfortunately openssl s_client (not mine at
least) doesn't support imap (only smtp and pop3), but for smtp I would use
something like this

    openssl s_client -starttls smtp -crlf -connect 1.2.3.4:25

You should have an imap with ssl/tls on port 993, however.

/Thorbjorn
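
An added example, not part of the original thread or of Dovecot: a Python check that performs the plaintext STARTTLS step on port 143 by hand, then reports the TLS version, cipher and peer certificate that were negotiated. The function names and the command tags `a1`/`a2` are assumptions chosen for this sketch.

```python
import socket
import ssl
import sys


def read_line(f):
    line = f.readline()
    if not line:
        raise ConnectionError("server closed the connection")
    return line.decode("ascii", "replace").rstrip("\r\n")


def imap_starttls_negotiate(sock):
    """Plaintext phase on port 143: greeting, CAPABILITY, STARTTLS.

    Returns the advertised capabilities; raises if STARTTLS is missing or refused.
    """
    # Unbuffered reader: nothing past the STARTTLS reply is consumed in plaintext.
    with sock.makefile("rb", buffering=0) as f:
        greeting = read_line(f)
        if not greeting.startswith("* OK"):
            raise RuntimeError("unexpected greeting: " + greeting)
        sock.sendall(b"a1 CAPABILITY\r\n")
        caps = []
        while True:
            line = read_line(f)
            if line.upper().startswith("* CAPABILITY"):
                caps = line.split()[2:]
            elif line.startswith("a1 "):
                break
        if "STARTTLS" not in (c.upper() for c in caps):
            raise RuntimeError("server does not advertise STARTTLS")
        sock.sendall(b"a2 STARTTLS\r\n")
        reply = read_line(f)
        if not reply.upper().startswith("A2 OK"):
            raise RuntimeError("STARTTLS refused: " + reply)
        return caps


def tls_details(host, port=143, cafile=None, timeout=10):
    """Connect, upgrade with STARTTLS, and report what TLS negotiated."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        caps = imap_starttls_negotiate(raw)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"capabilities": caps, "version": tls.version(),
                    "cipher": tls.cipher(), "peer": tls.getpeercert()}


if __name__ == "__main__":
    # usage: python3 check_imap_starttls.py HOST [CA_FILE]
    print(tls_details(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Pass the CA file the server certificate was issued from as the second argument; the host name must match the certificate, otherwise the handshake fails with a verification error.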