SYSTEM
INFORMATION:
OS:
CentOS
7
Cyrus-Imap:
RPM
=
cyrus-imapd-2.4.17-15.el7.x86_64
TLS
CONFIGURATION:
tls_cert_file:
/etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file:
/etc/pki/cyrus-imapd/cyrus-imapd.key
tls_ca_file:
/etc/pki/tls/certs/ca-bundle.crt
tls_cipher_list:
HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
tls_prefer_server_ciphers:
1
tls_versions:
tls1_2
#tls_versions:
tls1_0
tls1_1
tls1_2
PROBLEM:
When
I
attempt
to
login
using
cyradm
I
get
SSL/TLS
errors.
The
only
way
I
have
been
able
to
get
this
to
work
was
to
enable
TLS
version
1.0.
Security
team
won't
allow
less
than
TLS1.2
and
I
am
not
able
to
move
to
a
newer
OS
at
this
time.
Is
there
a
way
to
get
it
working
on
CentOS
7
with
TLSv1.2
or
later?
Maybe
I
need
different
ciphers?
If
I
uncomment
the
last
line
I
am
able
to
connect
and
login.
tls_versions:
tls1_0
tls1_1
tls1_2
ERRORS:
:~$
cyradm
--user
cyrus
--tlskey
--auth
plain
localhost
[
SSL_connect
error
-1
]
[
SSL
session
removed
]
[
TLS
negotiation
did
not
succeed
]
LOGS:
With
only
TLSv1.2
enabled
imap[]:
STARTTLS
negotiation
failed:
localhost
[127.0.0.1]
LOGS:
With
TLSv1.0
enabled
imap[]:
starttls:
TLSv1
with
cipher
ECDHE-RSA-AES256-SHA
(256/256
bits
new)
no
authentication
Any
assistance
is
appreciated.
--Ez
