Hi Carsten! First of all, I would like to take the opportunity to thank you, Guido and all the icedove maintainers for all the awesome work you've done over the years with this software I've been using for more years than I can remember... I has been a great user experience thanks to you!
Now, following-up on this issue, it seems I'm also experiencing this problem, with the difference that it seems icedove is in fact trying to use sslv3 instead tls. This is what I see from the imap server's logs: cyrus/imap[19738]: imapd:Loading hard-coded DH parameters cyrus/imap[19738]: SSL_accept() incomplete -> wait cyrus/imap[19738]: sslv3 alert bad certificate in SSL_accept() -> fail cyrus/imap[19738]: STARTTLS negotiation failed: [client-ip] I thought that it might be just a notification issue, but once I fired up my mutt, it reports using tlsv1.2, which seems to be what icedove should be using instead of sslv3: cyrus/imaps[22441]: imapd:Loading hard-coded DH parameters cyrus/imaps[22441]: SSL_accept() incomplete -> wait cyrus/imaps[22441]: SSL_accept() succeeded -> done cyrus/imaps[22441]: starttls: TLSv1.2 with cipher AES128-SHA (128/128 bits new) no authentication cyrus/imaps[22441]: login: [client-ip] username LOGIN+TLS User logged in SESSIONID=<cyrus-32431-13432434234-1> cyrus/imaps[22441]: open: user dererk opened INBOX I performed what I think was almost all possible combinations, including removing all accounts and re-creating them, forcing security versioning down and I keep getting the same issue. Just for the record, the server certificate signature is not md5 but sha512 instead, and I'm experiencing this problem at the very moment the mtu is trying to load the certificates from the imap server, which in my case pops up a security exception, even though its signed using CAcert and the ca authority key has been manually imported. Once again thanks for all the work and hope I could provide any useful information (ask me for more otherwise and I'll kindly provide it) Cheers, Dererk -- BOFH excuse #270: Someone has messed up the kernel pointers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
