Outlook 2007 works. Unfortunately, this is not an option for us as our users use Thunderbird. Jan 16 10:18:14 imapsrv imap[16000]: [ID 921384 local6.debug] accepted connection Jan 16 10:18:14 imapsrv imap[16000]: [ID 636471 local6.notice] TLS server engine: cannot load CA data Jan 16 10:18:14 imapsrv imap[16000]: [ID 286863 local6.notice] imapd:Loading hard-coded DH parameters Jan 16 10:18:14 imapsrv imap[16000]: [ID 277171 local6.error] TLS server engine: No CA file specified. Client side certs may not work Jan 16 10:18:15 imapsrv imap[16000]: [ID 574029 local6.debug] SSL_accept() incomplete -> wait Jan 16 10:18:15 imapsrv imap[16000]: [ID 867439 local6.debug] SSL_accept() succeeded -> done Jan 16 10:18:15 imapsrv imap[16000]: [ID 379946 local6.notice] starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication Jan 16 10:18:15 imapsrv imap[16000]: [ID 277583 local6.notice] login: bva-172.our.com jblaine plaintext+TLS User logged in Jeff Blaine wrote: > With the tls_ca_file line removed, Thunderbird asked me > to specify a client certificate, I chose my cert and > entered my password to access it. > > Jan 16 10:08:33 imapsrv imap[15668]: [ID 921384 local6.debug] accepted > connection > Jan 16 10:08:33 imapsrv imap[15668]: [ID 636471 local6.notice] TLS > server engine: cannot load CA data > Jan 16 10:08:33 imapsrv imap[15668]: [ID 286863 local6.notice] > imapd:Loading hard-coded DH parameters > Jan 16 10:08:33 imapsrv imap[15668]: [ID 277171 local6.error] TLS server > engine: No CA file specified. Client side certs may not work > Jan 16 10:08:33 imapsrv imap[15668]: [ID 574029 local6.debug] > SSL_accept() incomplete -> wait > Jan 16 10:08:43 imapsrv imap[15668]: [ID 160154 local6.debug] Doing a > peer verify > Jan 16 10:08:43 imapsrv imap[15668]: [ID 227675 local6.error] verify > error:num=20:unable to get local issuer certificate > Jan 16 10:08:43 imapsrv imap[15668]: [ID 192010 local6.debug] no > certificate returned in SSL_accept() -> fail > Jan 16 10:08:43 imapsrv imap[15668]: [ID 239158 local6.notice] STARTTLS > negotiation failed: bva-172.our.com > > Sebastian Hagedorn wrote: >> --On 16. Januar 2009 09:43:02 -0500 Jeff Blaine <jblaine@xxxxxxxxxxxx> >> wrote: >> >>> A new cert did not solve the problem: >>> >>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 921384 local6.debug] accepted >>> connection >>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 192010 local6.debug] wrong >>> version number in SSL_accept() -> fail >> But it results in a different error message. >> >>> Jan 16 09:41:30 imapsrv imap[12264]: [ID 239158 local6.notice] STARTTLS >>> negotiation failed: bva-172.our.com >> That reminds me of something. Try removing this line from your config: >> >> tls_ca_file: /var/imap/ca.crt >> >> Also, try using different clients. IIRC, there is an issue specifically >> with Thunderbird and that setting. I don't remember the details, but you >> should be able to find them in the archives. > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
