STARTTLS on Cyrus IMAPd 2.3.11

I'm migrating from Cyrus IMAPd 2.3.7 to 2.3.11. I've moved all the data 
to the new environment and rebuilt the necessary databases. Everything 
seems to be working fine, with the exception of STARTTLS connections to 
port 143 from *remote* machines.

The following imtest logins work fine when run on the local machine 
(mail.example.net):

  imtest -u jorey -a jorey -t "" localhost
  imtest -u jorey -a jorey -s localhost
  imtest -u jorey -a jorey -t "" mail.example.net
  imtest -u jorey -a jorey -s mail.example.net

The following works when run remotely (imaps, port 993):

  imtest -u jorey -a jorey -s mail.example.net

But STARTTLS on port 143 fails remotely:

  imtest -u jorey -a jorey -t "" mail.example.net

Output of imtest:

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED 
AUTH=DIGEST-MD5 SASL-IR] mail.example.net Cyrus IMAP4 v2.3.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED 
AUTH=DIGEST-MD5 SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS 
NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY 
SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE 
CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain

Odd, because it's a commercial certificate, but this error is also 
present in successful logins on the local machine, so it shouldn't be a 
showstopper.

From /var/log/imapd.log:

Mar 18 15:51:13 mail imap[6203]: STARTTLS negotiation failed: [10.1.10.94]

Thunderbird 2.0.0.12 produces this error, twice in a row for a single 
attempt to access a mailbox:

  Thunderbird can't connect securely to mail.example.net because
  the site uses a security protocol which isn't enabled.

My Cyrus IMAPd 2.3.7 installations work fine. Has there been a change to 
the way 2.3.11 handles STARTTLS on port 143? Is there a new default I 
have to override in imapd.conf? Do I need to explicitly set a cipher 
list? Any tips concerning this issue would be appreciated.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
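
An added example, not part of the original post or of the Cyrus tools: a Python probe that repeats the plaintext half of the exchange shown in the imtest output above, then attempts the TLS handshake and reports the negotiated protocol and cipher or the handshake error. The function names and result keys are assumptions of this example, and certificate verification is deliberately switched off so that a chain error like the one above does not hide a protocol or cipher mismatch.

```python
import socket
import ssl


def parse_capabilities(line):
    """Capability tokens from an IMAP greeting or untagged CAPABILITY line."""
    text = line.strip()
    if not text.startswith("*"):
        return set()  # not a server response (e.g. the client's own command)
    start = text.upper().find("CAPABILITY")
    if start < 0:
        return set()
    rest = text[start + len("CAPABILITY"):]
    rest = rest.split("]", 1)[0]  # greeting form: "* OK [CAPABILITY ...] text"
    return {tok.upper() for tok in rest.split()}


def probe_starttls(host, port=143, timeout=10.0):
    """Issue STARTTLS, then try the handshake; report how far it got."""
    result = {"advertised": False, "accepted": False, "tls": None, "error": None}
    # Diagnostic use only: certificate checks are disabled so that a chain
    # error cannot mask a protocol or cipher mismatch.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as reader:
                greeting = reader.readline().decode("ascii", "replace")
                sock.sendall(b"S01 STARTTLS\r\n")
                reply = reader.readline().decode("ascii", "replace")
            result["advertised"] = "STARTTLS" in parse_capabilities(greeting)
            result["accepted"] = reply.upper().startswith("S01 OK")
            if result["accepted"]:
                # The server now expects a TLS ClientHello on this socket.
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls"] = (tls.version(), tls.cipher()[0])
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    import sys
    print(probe_starttls(sys.argv[1]))
```

Running it once on the server and once from a remote machine shows whether the two handshakes differ in protocol, cipher or error.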
