I'm running Cyrus 2.3.14 on two Ubuntu 9.10 (Karmic) servers.

Recently, I installed new "StartSSL Free" SSL certificates from StartCom on these servers. After doing so, I could no longer connect securely to Cyrus in any mode (imaps, imap + starttls, pop3s, pop3 + starttls) -- the client sat for a long time before timing out, and the syslog messages on the server spoke vaguely about "STARTTLS negotiation failed", "Fatal error: tls_start_servertls() failed", etc.

When I reinstated the older certificates (one purchased from Comodo, and another self-signed), everything started working fine again.

These same StartCom certificates work just fine with Apache and Postfix, so I don't think the certs are obviously broken in any way.

The only difference I've been able to identify so far is that the older SSL certificates were using 1024-bit public keys, but the new certs from StartCom are using 2048-bit public keys.

Is this a known Cyrus issue? If so, will upgrading to a newer version of Cyrus fix this problem? Or is there a configuration option somewhere that will allow Cyrus 2.3.14 to use SSL certs with 2048-bit public keys?

StartCom doesn't offer SSL certs with 1024-bit public keys, by the way, so that isn't an option here.

Rich Wales
richw@xxxxxxxxx