Subject: Re: [courier-users] SIMAP (993) doesn't work with 0.56, SSL23 setting doesn't work either
From: Matthias Wimmer (m@tthias.eu)
Date: Sep 25, 2007 4:15:48 pm
List: net.sourceforge.lists.courier-users

Hi Niclas!

niclas wrote:

> I can confirm that SSL23 doesn't work on my system, only SSL2 does, at least with some clients. The problem seems to be a handshaking / SSL-hello problem which affects STARTTLS-connections also.

If you set "SSL2" you have to be aware that some other clients (those not using an SSL2.0 compatible handshake) will fail. This especially affects all mail clients using GnuTLS as their SSL/TLS implementation.

> So I tried out different settings for TLS_STARTTLS_PROTOCOL:
>
> - SSL2 works without forcing anything.
> - SSL23 works only if -tls1 is forced! (why?)
> - SSL3 works without forcing.
> - TLS1 works if forced (as said).

In case courier does not understand the setting (e.g. in case of 0.56.0 which does not know "SSL23") it interprets it as TLS1. This should explain why you have to force tls if you set SSL23.

> I tried openssl s_client -connect host:993 with:

The GnuTLS test command (to test if your configuration works with this SSL implementation as well) is:

gnutls-cli server.domain -p 993

.. which will not work when set to "SSL2".

Matthias
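
The handshake-format difference this message describes, as an added example that is not part of the original post: a small Python classifier that reads the first bytes a client sends and reports whether the ClientHello uses SSL 2.0 framing (the "SSL2.0 compatible handshake") or SSL 3.0/TLS record framing. The function names and the sample hello bytes are constructed for illustration, not captured from a real client.

```python
import struct

# Protocol versions as (major, minor) bytes on the wire.
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}


def classify_client_hello(data: bytes) -> dict:
    """Report the framing and highest offered version of a ClientHello."""
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        # SSL 3.0/TLS record: type 0x16, record version, 2-byte length, then
        # handshake type 0x01, 3-byte length and the 2-byte client_version.
        framing, offered = "ssl3/tls record", (data[9], data[10])
    elif len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0 record: 2-byte header with the top bit set, then message
        # type 0x01 (CLIENT-HELLO) and the highest version the client supports.
        framing, offered = "ssl2 record", (data[3], data[4])
    else:
        raise ValueError("not a ClientHello")
    return {
        "framing": framing,
        "offered": VERSIONS.get(offered, "unknown %d.%d" % offered),
        "v2_compatible": framing == "ssl2 record",
    }


def build_v2_hello(version: tuple) -> bytes:
    """Constructed SSL 2.0-format hello: one cipher spec, 16-byte challenge."""
    body = bytes([0x01, *version]) + struct.pack(">HHH", 3, 0, 16)
    body += b"\x00\x00\x0a" + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body


def build_v3_hello(version: tuple) -> bytes:
    """Constructed SSL 3.0/TLS-format hello: one cipher suite, null compression."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return bytes([0x16, *version]) + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    samples = {
        "SSL 2.0 only client": build_v2_hello((2, 0)),
        "v2-compatible hello offering TLS 1.0": build_v2_hello((3, 1)),
        "TLS 1.0 hello without v2 framing": build_v3_hello((3, 1)),
    }
    for label, raw in samples.items():
        print(label, "->", classify_client_hello(raw))
```

Run against the first bytes of a failed connection from a packet capture, a result with `v2_compatible` false identifies a client of the kind the message says will fail when the server is set to "SSL2".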