[Dovecot] help debugging TLS
Richard
openmacnews at gmail.com
Wed Aug 16 18:32:34 EEST 2006
hi thorbjorn,
> On port 143 you have an imap with starttls, i.e. plaintext until
> STARTTLS has been issued. Unfortunately openssl s_client (not mine at
> least) support imap (only smtp and pop3), but for smtp I would use
> something like this
i honestly did not realize that imap was not supported! but, you are
absolutely correct:
-starttls prot - use the STARTTLS command before starting TLS
for those protocols that support it, where
'prot' defines which one to assume. Currently,
only "smtp" and "pop3" are supported.
thanks for the heads-up.
> You should have an imap with ssl/tls on port 993, however.
and, checking:
% openssl s_client -connect 10.0.0.6:993
CONNECTED(00000003)
depth=1 /C=US/ST= (blah blah)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/CN=mail.testdomain.com
i:/C=US/ST= (blah blah)
1 s:/C=US/ST= (blah blah)
i:/C=US/ST= (blah blah)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEw...xjEQ/g9v
-----END CERTIFICATE-----
subject=/CN=mail.testdomain.com
issuer=/C=US/ST= (blah blah)
---
No client certificate CA names sent
---
SSL handshake has read 3263 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 86A0...AE9CD
Session-ID-ctx:
Master-Key: 5475...23E48
Key-Arg : None
Start Time: 1155742073
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
* OK mail.testdomain.com Dovecot IMAP4 v1.0 server ready
which, except for that "verify error" (which i'll straighten out here in
a bit ... ) seems to be exactly what i'd expect.
thanks!
richard
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
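The port 143 case from the quoted reply (plaintext until STARTTLS, with no s_client support for IMAP in that build), as an added example that is not part of the original message: a Python check that performs the IMAP STARTTLS exchange itself and then reports the protocol, cipher and certificate verify result, as s_client does on port 993. The names negotiate_starttls and probe and the command tag a1 are illustrative; the host and the optional CA file are supplied by whoever runs it.

```python
import socket
import ssl
import sys

def _readline(sock):
    """Read one CRLF-terminated line a byte at a time, so nothing past it is consumed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf.decode("ascii", "replace").strip()

def negotiate_starttls(sock, tag="a1"):
    """Plaintext phase: read the greeting, send STARTTLS, wait for the tagged OK."""
    greeting = _readline(sock)
    if not greeting.startswith("* OK"):
        raise RuntimeError("unexpected greeting: " + greeting)
    sock.sendall(f"{tag} STARTTLS\r\n".encode("ascii"))
    while True:
        line = _readline(sock)
        if line.startswith(tag + " "):  # tagged completion response
            if not line.startswith(tag + " OK"):
                raise RuntimeError("STARTTLS refused: " + line)
            return greeting
        # untagged lines that arrive before the completion are skipped

def probe(host, port=143, cafile=None):
    """Upgrade to TLS, then report protocol, cipher and the verify result."""
    # cafile: PEM file holding the CA that signed the server certificate (optional)
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as raw:
        report = {"greeting": negotiate_starttls(raw)}
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                report.update(protocol=tls.version(), cipher=tls.cipher()[0],
                              verify="0 (ok)")
        except ssl.SSLCertVerificationError as err:
            # e.g. 19: self signed certificate in certificate chain
            report["verify"] = f"{err.verify_code} ({err.verify_message})"
    return report

if __name__ == "__main__":
    # usage: python3 imap_starttls_probe.py HOST [CA_FILE]
    print(probe(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Passing the private CA's PEM file as the second argument is what turns a code 19 result into a clean verify, provided the name used to connect matches the certificate.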