Re: sync_server and TLS

Marcus Schopen <lists@xxxxxxxxxxxx> · Wed, 19 Feb 2014 02:28:48 +0100

Am Mittwoch, den 19.02.2014, 01:16 +0100 schrieb Marcus Schopen:
> Hi,
> 
> how do I figure out if master and replica are talking via TLS? Certs are
> installed on both servers. Telnet on the replica shows:
> 
> ------------
> ~# telnet replica 2005
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
> * STARTTLS
> * COMPRESS DEFLATE
> * OK tripp Cyrus sync server v2.4.12-Debian-2.4.12-2
> ------------
> 
> When starting the master, login and replication is working, but it seems
> not working on TLS:
> 
> Feb 19 01:11:24 replica cyrus/syncserver[22175]: accepted connection
> Feb 19 01:11:24 replica cyrus/syncserver[22175]: cmdloop(): startup
> Feb 19 01:11:24 replica cyrus/syncserver[22175]: login: server [xxx]
> syncuser DIGEST-MD5 User logged in

Certificates seems to be fine. A synctest from the master to the replica
(= server) looks like this:

synctest -a syncadmin -u syncamdin -t '' server

-----------
Feb 19 02:23:57 tripp cyrus/master[22549]: about to
exec /usr/lib/cyrus/bin/sync_server
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: executed
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: accepted connection
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: cmdloop(): startup
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: imapd:Loading hard-coded
DH parameters
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() incomplete
-> wait
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() succeeded ->
done
Feb 19 02:23:57 tripp cyrus/syncserver[22549]: starttls: TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Feb 19 02:23:59 tripp cyrus/syncserver[22549]: login: server [xxx]
syncamdin DIGEST-MD5+TLS User logged in
-----------

Restarting Cyrus on the master comes up with this login without TLS on
the replica:

-----------
Feb 19 02:24:55 tripp cyrus/syncserver[22549]: accepted connection
Feb 19 02:24:55 tripp cyrus/syncserver[22549]: cmdloop(): startup
Feb 19 02:24:55 tripp cyrus/syncserver[22549]: login: server [xxx]
syncadmin DIGEST-MD5 User logged in
-----------

Ciao!

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus