Outlook 2010 woes

Bryan Holloway bryan at shout.net
Thu Oct 13 16:21:09 UTC 2016


On 10/13/16 11:01 AM, Aki Tuomi wrote:
>
>> On October 13, 2016 at 6:52 PM Konstantin Khomoutov <flatworm at users.sourceforge.net> wrote:
>>
>>
>> On Thu, 13 Oct 2016 10:35:14 -0500
>> Bryan Holloway <bryan at shout.net> wrote:
>>
>>>> [...]
>>>>> Is there a way to see the IMAP commands coming from the client?
>>>>> I've tried looking at PCAPs, but of course they're encrypted so I
>>>>> can't see the actual dialog going on between the server and
>>>>> client. I didn't see an obvious way to do this in the docs.
>>>>
>>>> If you have access to the SSL/TLS key (IOW, the private part of the
>>>> cert) the server uses to secure IMAP connections you can dump the
>>>> IMAP traffic using the `ssldump` utility (which builds on
>>>> `tcpdump`).
>>>
>>> I do, but the client is using a DH key exchange so I only have the
>>> server-side private key.
>>>
>>> Tried that using Wireshark's decoder features and ran into this
>>> problem. I'm assuming I'd run into the same using ssldump, but I'll
>>> give it a shot!
>>
>> I think DH is not the culprit: just to be able to actually decode SSL
>> traffic, you must have the server private key when you're decoding the
>> SSL handshake phase -- to be able to recover the session keys, which
>> you then use to decode the actual tunneled data.
>
> You can also enable only non-DH algorithms in ssl settings if rawlog isn't working for you.
>
> Aki
>

Ah -- interesting tip. I hadn't thought of that. Thank you! I'll report 
my findings to the list.
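An added example, not part of the original thread: a passive capture can be decrypted with the server's private key only when the negotiated suite uses RSA key exchange, and the ServerHello, which is sent in the clear, shows which suite was picked. The sketch below reads that field from a raw TLS record; the suite table is a small subset and `make_server_hello` builds constructed sample input rather than real capture data.

```python
import struct

# IANA code -> (name, key exchange) for a few common TLS 1.2 suites (subset).
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0x009F: ("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite code chosen in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    # server_version (2) + random (32), then a length-prefixed session id
    off = 35 + hello[34]
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def decryptable_with_server_key(record: bytes):
    """(suite name, True/False), or None as the flag for suites not in SUITES."""
    code = server_hello_suite(record)
    if code not in SUITES:
        return (f"unknown(0x{code:04X})", None)
    name, kx = SUITES[code]
    return (name, kx == "RSA")  # DHE/ECDHE session keys never cross the wire

def make_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed TLS 1.2 ServerHello record for demonstration."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs
```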

