Sebastian Hagedorn wrote:
> --On 16. Januar 2009 07:48:18 -0500 Jeff Blaine <jblaine@xxxxxxxxxxxx>
> wrote:
>
>> More info after increasing local6.info to local6.debug for
>> syslog:
>>
>> accepted connection
>> imapd:Loading hard-coded DH parameters
>> SSL_accept() incomplete -> wait
>> decryption failed or bad record mac in SSL_accept() -> fail
>> STARTTLS negotiation failed: bva-172.our.com
>>
>> Our TLS all worked fine before the upgrade :(
>
> I'm pretty sure the tls_cache is a red herring. The SSL/TLS code changed
> a lot between 2.2 and 2.3. My guess would be that there lies the actual
> problem.
>
> I wonder where the line "Loading hard-coded DH parameters" comes from. I
> haven't seen that before. Anyway, I guess you need an SSL expert to make
> sense of that. How old is your certificate? Maybe the new code doesn't
> like it? Did you build the binary yourself or where did you get it?

The certificate is 1 year 10 months old. Everything was built
by hand (as it was with our 2.2.12 install as well).

I'll try redoing the cert.

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html