[Dovecot] SSL with startssl.com certificates
Reindl Harald
h.reindl at thelounge.net
Tue Sep 17 17:39:38 EEST 2013
Am 17.09.2013 16:32, schrieb Dan Langille:
>> *what* says "telnet your-server 143"
>> $ telnet imaps.unixathome.org 143
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>
> At present, I am using dovecot-1.2.17 on another server with a certificate from StartCom:
>
> $ openssl s_client -connect nyi.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
>
>
> The server which fails me is running 2.1.16 (was 2.2 before this morning)
>
> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
>
> Somewhere, somehow, there is something vastly different and not working
you are making it hard to impossible to help you if you are mixing servers and
their responses and port 993 will *never ever* show STARTTLS because it is
IMAPS which enforces a encrypted connection and *not* STARTTLS where the
inital connection is unencrpyted by design
so *please* stay at *one* config, *one* machine and *one* port for debugging
if the machine in question announces STARTTLS on port 143 it should work
and that is why i asked if *a different client* than a iPhone is using
STARTTLS on *that* machine with *that config*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130917/faee3e23/attachment-0001.bin>
More information about the dovecot
mailing list