Hi,
I'm trying to finish up the setup of a mail server and everything has gone
fine, except for this one little speed-bump here at the end.
I have imapd-ssl running:
TLS_CIPHER_LIST="SSLv3"
TLS_PROTOCOL=SSL3
This works fine with Outlook and Bloomba.
But, with Eudora (Version 6.1.2.0), I get this lovely error message:
imapd-ssl: couriertls: accept: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I suspect that I'm running into the problem specified by Eudora's Document
ID: 2431HQ, which says:
ISSUE:
Eudora will not perform SSL negotiation with OpenSSL
RESOLUTION:
This is not an issue that can be addressed in Eudora. Eudora relies on the
Certicom SSL Plus Libraries to perform SSL negotiation and it is in fact
the libraries themselves that are the source of the issue.
With OpenSSL0.9.6c the OpenSSL developers added in "CBC countermeasures",
which when implemented, Eudora and other applications that rely on the
Certicom SSL Plus libraries have issues connecting to.
With OpenSSL0.9.6d (or later) the OpenSSL developers have put an option in
OpenSSL to disable the CBC Countermeasure. These countermeasures must be
disabled in order to allow Eudora to successfully negotiate an SSL connection.
But then when I go and look at Eudora's release notes, I see:
----------------------------------------------
CHANGES FROM 6.1 TO 6.1.1
----------------------------------------------
SSL
---
Fixed crash when attempting SSL negotiation without a usercerts.p7b
file.
Fixed bug that caused SSL negotiations to fail on OpenSSL servers with
the CBC countermeasure on.
The user is now warned if Eudora is unable to save SSL certificate
changes.
I see in libcouriertls.c: SSL_CTX_set_options(ctx, SSL_OP_ALL); which
seems to imply that all the bug workarounds are enabled for SSL -- and yet
I'm still running into this issue with Eudora.
Can anyone give me a hand with this? Thanks!
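
Added example, not part of the original post and not Courier or OpenSSL code: a decoder for the packed error code in the log line quoted above, assuming the pre-3.0 OpenSSL layout (8-bit library, 12-bit function, 12-bit reason). In the SSL library, reason values above 1000 are fatal alerts received from the peer, so 14094412 decodes to alert 42 (bad_certificate) sent by the client. The names `decode`, `triage` and `SAMPLE_LOG` and the second log entry are constructed for illustration.

```python
import re

ERR_LIB_SSL = 20            # library number 0x14 ("SSL routines")
ALERT_REASON_OFFSET = 1000  # SSL reason = 1000 + alert number for received alerts

# Subset of SSLv3/TLS alert descriptions.
ALERTS = {20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# First entry: the line from the post, still wrapped as it was mailed.
# Second entry: constructed sample of a locally raised (non-alert) error.
SAMPLE_LOG = """imapd-ssl: couriertls: accept: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
imapd-ssl: couriertls: accept: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
"""

def decode(code_hex):
    """Unpack a legacy OpenSSL error code into library, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > ALERT_REASON_OFFSET:
        number = reason - ALERT_REASON_OFFSET
        alert = (number, ALERTS.get(number, "unknown"))
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def triage(log_text):
    """Rejoin wrapped lines, then decode every error code found."""
    text = " ".join(log_text.split())
    return [decode(m.group(1)) for m in ERR_RE.finditer(text)]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        origin = "alert sent by peer" if entry["peer_alert"] else "raised locally"
        print(entry, "->", origin)
```

A `peer_alert` entry means the remote side rejected something during the handshake; a `None` entry means the error was raised by the local OpenSSL stack.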