TLS negotiation fails... only over 3/4/5G?

I noticed my Android phone seems to often be unable to get new mail when I'm not on wifi. I decided to test this and when I attempt a refresh over 5G it seems I usually get:

        2023-06-28T00:42:50.801242+00:00 virt cyrus/imaps[331595]: inittls: Loading hard-coded DH parameters
        2023-06-28T00:42:50.808370+00:00 virt cyrus/imaps[331595]: imaps TLS negotiation failed: [172.58.88.7]

That's ... 95% of the time. Every now and then it works.

Over wifi it works 100% of the time.

That *feels* a lot like a timeout to me... but `imapd` has a 60 second timeout, and all this happens in a second or two, so it doesn't seem to be that.

I did some tcpdump'ing, and obviously it's a bit opaque due to the SSL, but it always ends with the server sending a FIN (`FP.`) and then 4 resets from the client (when things fail), which isn't very telling.

I was hoping there was a debug option I'm overlooking. I see some debug options to `imapd` that involve calling debuggers like gdb, but nothing that might increase its verbosity in a manner that seems likely to help me track down the issue.

My service def in cyrus.conf is:

        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=1 maxchild=100

And my imap.conf is:

        configdirectory: /var/lib/cyrus
        proc_path: /run/cyrus/proc
        mboxname_lockpath: /run/cyrus/lock
        defaultpartition: default
        partition-default: /var/spool/cyrus/mail
        partition-news: /var/spool/cyrus/news
        newsspool: /var/spool/news
        altnamespace: yes
        unixhierarchysep: no
        lmtp_downcase_rcpt: yes
        admins: cyrus
        allowanonymouslogin: no
        popminpoll: 0
        autocreate_quota: 0
        umask: 077
        sieveusehomedir: false
        sievedir: /var/spool/sieve
        httpmodules: caldav carddav
        hashimapspool: true
        allowplaintext: no
        sasl_pwcheck_method: auxprop
        sasl_auxprop_plugin: sasldb
        sasl_auto_transition: no
        tls_server_cert: /etc/letsencrypt/live/www.ipom.com/cert.pem
        tls_server_key: /etc/letsencrypt/live/www.ipom.com/privkey.pem
        tls_client_ca_file: /etc/letsencrypt/live/www.ipom.com/chain.pem
        tls_client_ca_dir: /etc/ssl/certs
        tls_session_timeout: 1440
        lmtpsocket: /run/cyrus/socket/lmtp
        idlesocket: /run/cyrus/socket/idle
        notifysocket: /run/cyrus/socket/notify
        syslog_prefix: cyrus

I googled around, but couldn't find others experiencing a similar problem.

Any suggestions would be great.

Thanks,
- Phil
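
An added example, not part of the original post and not Cyrus code: a small script that pairs each `inittls` line with the `TLS negotiation failed` line from the same process in syslog output of the format quoted above, reporting how long each failed negotiation took and which client address it came from. The first two sample lines are the ones from the post; the rest are constructed, and treating the `inittls` line as the start of a negotiation is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# First two lines are from the post; the others are constructed
# (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = """\
2023-06-28T00:42:50.801242+00:00 virt cyrus/imaps[331595]: inittls: Loading hard-coded DH parameters
2023-06-28T00:42:50.808370+00:00 virt cyrus/imaps[331595]: imaps TLS negotiation failed: [172.58.88.7]
2023-06-28T00:43:10.100000+00:00 virt cyrus/imaps[331601]: inittls: Loading hard-coded DH parameters
2023-06-28T00:43:11.350000+00:00 virt cyrus/imaps[331601]: imaps TLS negotiation failed: [192.0.2.10]
2023-06-28T00:44:02.000000+00:00 virt cyrus/imaps[331610]: inittls: Loading hard-coded DH parameters
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ cyrus/\w+\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"TLS negotiation failed: \[(?P<ip>[^\]]+)\]")

def tls_failures(log_text):
    """Return one record per failed negotiation: pid, client ip, seconds since inittls."""
    started = {}    # pid -> timestamp of that process's most recent inittls line
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # not a cyrus line in the expected format
        ts = datetime.fromisoformat(m["ts"])
        if m["msg"].startswith("inittls:"):
            started[m["pid"]] = ts    # assumption: marks the start of a negotiation
            continue
        f = FAIL_RE.search(m["msg"])
        if f:
            begin = started.pop(m["pid"], None)
            elapsed = (ts - begin).total_seconds() if begin else None
            failures.append({"pid": m["pid"], "ip": f["ip"], "elapsed": elapsed})
    return failures

def by_client(failures):
    """Group elapsed times by client address to see whether one network dominates."""
    grouped = defaultdict(list)
    for rec in failures:
        grouped[rec["ip"]].append(rec["elapsed"])
    return dict(grouped)

if __name__ == "__main__":
    for ip, times in by_client(tls_failures(SAMPLE_LOG)).items():
        print(ip, len(times), "failure(s), elapsed seconds:", times)
```

For the two lines quoted in the post this reports about 7 milliseconds between `inittls` and the failure.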
