More info after increasing local6.info to local6.debug for syslog: accepted connection imapd:Loading hard-coded DH parameters SSL_accept() incomplete -> wait decryption failed or bad record mac in SSL_accept() -> fail STARTTLS negotiation failed: bva-172.our.com Our TLS all worked fine before the upgrade :(
I'm pretty sure the tls_cache is a red herring. The SSL/TLS code changed a lot between 2.2 and 2.3. My guess would be that there lies the actual problem.
I wonder where the line "Loading hard-coded DH parameters" comes from. I haven't seen that before. Anyway, I guess you need an SSL expert to make sense of that. How old is your certificate? Maybe the new code doesn't like it? Did you build the binary yourself or where did you get it?
--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
.:.:.:.Skype: shagedorn.:.:.:.Attachment:
pgpTpR3gbaNVy.pgp
Description: PGP signature
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
