[Dovecot] TLS/SSL for Win8 & Outlook

Adi Kriegisch adi at cg.tuwien.ac.at
Thu Jun 26 09:53:49 UTC 2014 

On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
> Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
> > I just installed the (rapid-ssl) certificate and it works now.
> > Needless to say that I don't understand it. The old certificate worked
> > with all other clients but win8/outlook, plus the old dovecot install
> > worked with win8/outlook as well.
I am struggling with the same issue for some time now: win8/outlook isn't
able to connect to dovecot 2.2.9 (from Debian/backports); the error on the
outlook side of things is 0x800CCC0E which is really helpful.

The suggestion to disable TLSv1.2 on the windows side is dangerous:
win8/8.1 requires TLSv1.2 for downloading updates -- no TLSv1.2, no
updates. If absolutely necessary, disable TLSv1.2 on the dovecot side of
things!

I decided to do some additional debugging by running 'openssl s_server' on
the imap server with the very same certificates and settings (as far as it
is possible with s_server) on a different port, changed the port in outlook
and manually proxied the imap requests through: That way outlook works just
fine:

openssl s_server -tls1_2 -accept 8993 -cert /etc/dovecot/my.crt \
    -key /etc/dovecot/private/my.key -serverpref -cipher '...(*)' \
    -dhparam /root/group16.pem

(group16.pem contains 4096bit DH params that are standardized; on the
dovecot side, the dhparam length is set to 4096bit as well)

The very same thing happens with two different classes of ciphers:
ECDHE-RSA-AES256-SHA (which is what win8/outlook used to use before the
last update) and with DHE-RSA-AES256-GCM-SHA384 (which was just recently
added by the last update by Microsoft). So neither EC nor DHE cause any
changes in the behavior (as I was suspecting dovecot's dh params for some
time).

I think something in the handshake doesn't work the way it should and
causes ms crypto api (v6.3 and v6.2) to just close the connection after
handshake (a paket capture just shows the client sends a RST after key
exchange).


> there where some bugfixes with certificates ( windows )
> but that should not impact brand new installs with full recent patch level
AFAIK new (pretty cool) ciphers were introduced and I don't see how the
issue can be solved by changing the certificate: I used a cert from CACert
and a Cert signed by my own CA -- both resulting in a non-working
connection between dovecot and outlook on win8(.1).
However using the very same certificate with OpenSSL's s_server, the
connection worked just fine (as did disabling TLSv1.2) -- both indicators
that the certificates are just fine.

The only thing I can imagine that EC and DHE have in common are some SSL
extensions like session tickets (which outlook tried to use). Here are the
details of the session outlook established with s_server:
openssl sess_id -text -in param
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : C014             ## this is ECDHE-RSA-AES256-SHA
or: 
    Cipher    : 009F             ## this is with DHE-RSA-AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx: 01000000
    Master-Key: (...)
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1403774959
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

I hope someone can help me/us out here!

Thanks!

-- Adi

(*) see https://bettercrypto.org for a usable cipher string...

More information about the dovecot mailing list