Wesley Craig wrote, at 03/18/2008 04:44 PM: > On 18 Mar 2008, at 16:11, Jorey Bump wrote: >> Everything >> seems to be working fine, with the exception of STARTTLS connections to >> port 143 from *remote* machines. >> >> C: S01 STARTTLS >> S: S01 OK Begin TLS negotiation now >> verify error:num=19:self signed certificate in certificate chain > > Who signed the certificate? issuer=/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 It's the same key/certificate I'm using on the production machine running 2.3.7, so I don't think there's anything wrong with the certificate. As I mentioned, it doesn't stop local connections, which proceed beyond that error. And imaps (port 993) connections work fine with the same system/certificate. The failed Thunderbird connections cause this entry in the debug log: Mar 18 17:48:54 mail imap[6279]: accepted connection Mar 18 17:48:55 mail imap[6279]: wrong version number in SSL_accept() -> fail Mar 18 17:48:57 mail imap[6279]: accepted connection Mar 18 17:48:57 mail imap[6279]: wrong version number in SSL_accept() -> fail Searches for this error and Cyrus IMAP turn up another posting in January that was apparently never resolved: http://lists.andrew.cmu.edu/pipermail/info-cyrus/2008-January/028210.html I'm concerned I'll have to regress to an earlier version, but I'm hoping there is a simple fix for this. ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
