On 01/25/2010 01:28 PM, Andrew Morgan wrote:
On Sat, 23 Jan 2010, Bob Dye wrote:
I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
TLS works fine if I connect to the imap port (143). If I try to connect
instead via the imaps port (993), the attempt times out and I get the
following in the log:
imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
imaps[27170]: Fatal error: tls_start_servertls() failed
Any ideas?
Try the command line openssl client and see if it can negotiate SSL/TLS.
Something like this:
openssl s_client -connect your_server_dns_name:993 -CApath /etc/ssl/certs
CApath should be the path to your local CA certificates directory,
/etc/ssl/certs on Debian Linux. You could also add -debug to get a hex
dump of the traffic.
Can you post your imapd.conf file (sanitized)?
Just for reference, the above error happens when you try STARTTLS on
port 993:
# telnet student.ednet.ns.ca 993
Trying 142.227.51.32...
Connected to student.ednet.ns.ca.
Escape character is '^]'.
starttls
* BYE Fatal error: tls_start_servertls() failed
Connection closed by foreign host.
Andy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
begin:vcard
fn:Patrick Boutilier
n:Boutilier;Patrick
org:;Nova Scotia Department of Education
adr:;;2021 Brunswick Street;Halifax;NS;B3K 2Y5;Canada
email;internet:boutilpj@xxxxxxxxxxx
title:WAN Communications Specialist
tel;work:902-424-6800
tel;fax:902-424-0874
version:2.1
end:vcard
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
