34 messages in net.sourceforge.lists.courier-usersRe: [courier-users] 540 TLS not avail...| From | Sent On | Attachments |
|---|---|---|
| Ricardo Kleemann | Mar 31, 2009 8:38 pm | |
| Sam Varshavchik | Apr 1, 2009 4:06 am | |
| Ricardo Kleemann | Apr 1, 2009 8:09 am | |
| Sam Varshavchik | Apr 1, 2009 4:40 pm | |
| Ricardo Kleemann | Apr 1, 2009 4:50 pm | |
| Sam Varshavchik | Apr 1, 2009 5:05 pm | |
| Jeff Jansen | Apr 1, 2009 8:00 pm | |
| Ricardo Kleemann | Apr 2, 2009 8:20 am | |
| Sam Varshavchik | Apr 2, 2009 3:19 pm | |
| Ricardo Kleemann | Apr 3, 2009 8:22 am | |
| Sam Varshavchik | Apr 3, 2009 3:00 pm | |
| Ricardo Kleemann | Apr 3, 2009 3:20 pm | |
| Gordon Messmer | Apr 3, 2009 3:54 pm | |
| Ricardo Kleemann | Apr 3, 2009 5:24 pm | |
| Gordon Messmer | Apr 4, 2009 8:08 pm | |
| Ricardo Kleemann | Apr 4, 2009 9:13 pm | |
| Gordon Messmer | Apr 4, 2009 9:42 pm | |
| Sam Varshavchik | Apr 4, 2009 9:49 pm | |
| Ricardo Kleemann | Apr 4, 2009 10:39 pm | |
| Sam Varshavchik | Apr 5, 2009 6:54 am | |
| Ricardo Kleemann | Apr 5, 2009 9:21 am | |
| Sam Varshavchik | Apr 5, 2009 12:14 pm | |
| Ricardo Kleemann | Apr 5, 2009 12:55 pm | |
| Ricardo Kleemann | Apr 5, 2009 12:56 pm | |
| Gordon Messmer | Apr 5, 2009 1:50 pm | |
| Ricardo Kleemann | Apr 5, 2009 1:58 pm | |
| Brian A. Seklecki | Apr 5, 2009 4:31 pm | |
| Sam Varshavchik | Apr 5, 2009 5:13 pm | |
| Ricardo Kleemann | Apr 6, 2009 9:07 am | |
| Gordon Messmer | Apr 6, 2009 9:33 am | |
| Ricardo Kleemann | Apr 6, 2009 9:34 am | |
| Brian A. Seklecki | Apr 6, 2009 9:54 am | |
| Bowie Bailey | Apr 6, 2009 9:57 am | |
| Bowie Bailey | Apr 6, 2009 9:59 am |
| Subject: | Re: [courier-users] 540 TLS not available. | |
|---|---|---|
| From: | Ricardo Kleemann (rica...@americasnet.com) | |
| Date: | Apr 5, 2009 9:21:44 am | |
| List: | net.sourceforge.lists.courier-users | |
Ok thanks.
Where do I find instructions to generate a new certificate?
Delete all existing certificate files.
Run the mkesmtpdcert script to generate a certificate for the esmtp server.
Either copy it as an imap or a pop3 certificate, or run mkpop3dcert and mkimapdcert scripts.
Ok, I've regenerated the certificate.
The ssl2 and ssl3 still fail. The tls1 looks like it's ok.
What do I need to do to make the ssl2/3 not fail?
$ openssl s_client -starttls smtp -connect localhost:25 -ssl2 CONNECTED(00000003) write:errno=104
$ openssl s_client -starttls smtp -connect localhost:25 -ssl3 CONNECTED(00000003) 27102:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40 27102:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
$ openssl s_client -starttls smtp -connect localhost:25 -tls1 CONNECTED(00000003) depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com verify return:1
--- Certificate chain 0 s:/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com i:/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com
--- Server certificate -----BEGIN CERTIFICATE----- MIIDCzCCAnSgAwIBAgIJANY9fHGTgkqBMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD VQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMRwwGgYDVQQK ExNDb3VyaWVyIE1haWwgU2VydmVyMTMwMQYDVQQLEypBdXRvbWF0aWNhbGx5LWdl bmVyYXRlZCBFU01UUCBTVEFSVFRMUyBrZXkxEjAQBgNVBAMTCWxvY2FsaG9zdDEl MCMGCSqGSIb3DQEJARYWcG9zdG1hc3RlckBleGFtcGxlLmNvbTAeFw0wOTA0MDUx NjE0MjhaFw0xMDA0MDUxNjE0MjhaMIG7MQswCQYDVQQGEwJVUzELMAkGA1UECBMC TlkxETAPBgNVBAcTCE5ldyBZb3JrMRwwGgYDVQQKExNDb3VyaWVyIE1haWwgU2Vy dmVyMTMwMQYDVQQLEypBdXRvbWF0aWNhbGx5LWdlbmVyYXRlZCBFU01UUCBTVEFS VFRMUyBrZXkxEjAQBgNVBAMTCWxvY2FsaG9zdDElMCMGCSqGSIb3DQEJARYWcG9z dG1hc3RlckBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA r2uSiQZFw6LXI4iAgeI8Gip9Ot+7AiMtZQcPrTmkPbti2PdaE4SKHH1q07ZU/ndj +DZvhOzJEA3R3EyWsCeWkek+W4RbKkEAWLj2X4EOxeuNuESMd1Uylj/KreP4W5yr o4dPlKSC5AgABYShwTdOQSwvnueNLvCritbgbSjhwk0CAwEAAaMVMBMwEQYJYIZI AYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4GBAJxkkEsxczC/cr2/MSUg3WjO pdFVaiyiUHPT7aK7DgczrshOjSAGhWpFQvUqIw4/toGCDCkki8wEgIfplX7gWaOZ Rd59Rzi1avsF342Yw5ong94aueM7qiecyuRjJxLoUnl9PSgE0Tfg84DHGRW1OPi2 YqRXRK7vqNAB0khUIPm9 -----END CERTIFICATE----- subject=/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com issuer=/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/emailAddress=post...@example.com
--- No client certificate CA names sent
--- SSL handshake has read 1175 bytes and written 320 bytes
--- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: C173927C36D73F6DA7DC1F11C9969694F8807587CD7D3C7A88DC0435A26BFA22 Session-ID-ctx: Master-Key: 8C20F4AFC7C4EA953897C6FB79F54FF52D7D8BC1606008D829889ABBC955FDDD0216F402F7E2DCD61D858EE4AF7D41BD Key-Arg : None Compression: 1 (zlib compression) Start Time: 1238948252 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate)
--- 250 DSN
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list cour...@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users