[Dovecot] STARTTLS problem

Lucas -LandM- lucas at landm.net
Thu Feb 3 00:13:28 EET 2011


  Hi Timo,

   From other server:
  gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip:143'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
9 starttls
9 OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
  - Using prime: 1032 bits
  - Secret key: 1016 bits
  - Peer's public key: 1024 bits
- Certificate type: X.509
  - Got a certificate list of 1 certificates.

  - Certificate[0] info:
  # The hostname in the certificate does NOT match 'ip'.


Server log:
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x10, 
ret=1: before/accept initialization [83.170.89.109]
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: before/accept initialization [83.170.89.109]
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv2/v3 read client hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 read client hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write server hello A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write key exchange A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write server done A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 flush data [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read client certificate A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 read client key exchange A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read certificate verify A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 read finished A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write change cipher spec A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write finished A [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 flush data [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x20, 
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=1: SSL negotiation finished successfully [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL alert: 
where=0x4008, ret=256: warning close notify [83.170.89.109]
Feb  2 22:10:08 s13 dovecot: imap-login: Disconnected (no auth 
attempts): rip=83.170.89.109, lip=109.200.5.221, TLS: Disconnected


  Same error in Thunderbird :(
Feb  2 22:12:44 s13 dovecot: imap-login: Disconnected (no auth 
attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected

  Regards,
   Lucas


On 02/02/2011 23:03, Timo Sirainen wrote:
> On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote:
>> Same error:
>> gnutls-cli --starttls -p 143 ip
>> Resolving 'ip'...
>> Connecting to 'ip:143'...
>>
>> - Simple Client Mode:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
>> 9 STARTTLS
>> 9 OK Begin TLS negotiation now.
>>
>> *** Starting TLS handshake
>> *** Fatal error: A TLS packet with unexpected length was received.
>> *** Handshake has failed
>
> Try connecting from localhost. Maybe you have a broken proxy/firewall in
> the middle.
>
>
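
The following is an added example, not part of the original thread or of Dovecot's code: a small Python decoder for the `where=`/`ret=` fields in the server log above. It assumes those fields are the raw arguments of OpenSSL's info callback, so the bit values are the `SSL_CB_*`/`SSL_ST_*` constants from `openssl/ssl.h`; the sample lines, the documentation IP and all function names are constructed for illustration.

```python
import re

# OpenSSL info-callback bits (SSL_CB_* / SSL_ST_* in openssl/ssl.h)
FLAGS = [(0x01, "LOOP"), (0x02, "EXIT"), (0x04, "READ"), (0x08, "WRITE"),
         (0x10, "HANDSHAKE_START"), (0x20, "HANDSHAKE_DONE"),
         (0x1000, "ST_CONNECT"), (0x2000, "ST_ACCEPT"), (0x4000, "ALERT")]
ALERT_LEVEL = {1: "warning", 2: "fatal"}  # TLS AlertLevel
ALERT_DESC = {0: "close_notify", 40: "handshake_failure",
              42: "bad_certificate", 48: "unknown_ca"}

# Constructed sample modelled on the log above (documentation IP, mail-style wrapping).
SAMPLE = """\
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x10,
ret=1: before/accept initialization [192.0.2.10]
Feb  2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv2/v3 read client hello A [192.0.2.10]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x20,
ret=1: SSL negotiation finished successfully [192.0.2.10]
Feb  2 22:10:08 s13 dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=256: warning close notify [192.0.2.10]
"""

STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(r"SSL(?: alert)?: where=(0x[0-9a-fA-F]+), ret=(-?\d+): (.*) \[([^\]]+)\]")

def unwrap(text):
    """Rejoin records split by mail wrapping; a record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def decode(record):
    """Return the decoded SSL event in one log record, or None if it has none."""
    m = EVENT.search(record)
    if not m:
        return None
    where, ret = int(m.group(1), 16), int(m.group(2))
    event = {"flags": [n for bit, n in FLAGS if where & bit], "ret": ret,
             "state": m.group(3), "peer": m.group(4)}
    if where & 0x4000:  # for alerts, ret = (level << 8) | description
        event["alert"] = (ALERT_LEVEL.get(ret >> 8, "unknown"),
                          ALERT_DESC.get(ret & 0xFF, str(ret & 0xFF)),
                          "sent" if where & 0x08 else "received")
    return event

def summarize(text):
    events = [e for e in map(decode, unwrap(text)) if e]
    return {"handshake_done": any("HANDSHAKE_DONE" in e["flags"] for e in events),
            "alerts": [e["alert"] for e in events if "alert" in e]}
```

In the log above, the `ret=-1` records with the `EXIT` bit are followed by a completed handshake, so they did not abort it.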


