On Thu, 31 Jul 2008, Jonas Smedegaard wrote:
> No patch was applied, IIRC.
>
> Possibly stupid question: Are you certain you are not connecting
> through some tunneling, so that uw-imap sees your connection as coming
> from localhost? UW imap considers connections from localhost as unneeded
> to encrypt.
>
> In other words: Could you please elaborate on your setup - also to allow
> others to repeat a similar scenario?
Sure. The simplest setup would be two machines, with both ipv4 and ipv6.
uw-imapd running on one, ssl enabled and both ipv4 and ipv6 working.
netstat will report something like:
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp6 0 0 :::143 :::* LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp6 0 0 :::993 :::* LISTEN
From machine two, telnet to machine one on port 993. The connection should
be accepted, but nothing sent no matter which way you connect (ipv4 or
ipv6). What you see is nothing sent on ipv4, and a clear text greeting on
ipv6:
[EMAIL PROTECTED] ~]$ telnet 2001:8b0:c5:1::20 993
Trying 2001:8b0:c5:1::20...
Connected to fluffy.internal.torchbox.com (2001:8b0:c5:1::20).
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] [NON-IPv4] IMAP4rev1 2007.398 at Thu, 31 Jul 2008 16:07:38 +0100 (BST)
^]
telnet> quit
Connection closed.
[EMAIL PROTECTED] ~]$ telnet 192.168.1.20 993
Trying 192.168.1.20...
Connected to fluffy.internal.torchbox.com (192.168.1.20).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
Now try again with an ipv6 enabled version of openssl s_client:
[EMAIL PROTECTED] ~]$ openssl s_client -host 2001:8b0:c5:1::20 -port 993 -quiet
28821:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
[EMAIL PROTECTED] ~]$ openssl s_client -host 192.168.1.20 -port 993 -quiet
depth=0 /C=UK/ST=Oxfordshire/L=Oxford/O=Torchbox/OU=Servers/CN=fluffy.internal.torchbox.com/[EMAIL PROTECTED]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=UK/ST=Oxfordshire/L=Oxford/O=Torchbox/OU=Servers/CN=fluffy.internal.torchbox.com/[EMAIL PROTECTED]
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=UK/ST=Oxfordshire/L=Oxford/O=Torchbox/OU=Servers/CN=fluffy.internal.torchbox.com/[EMAIL PROTECTED]
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] fluffy.internal.torchbox.com IMAP4rev1 2007.398 at Thu, 31 Jul 2008 16:15:09+0100 (BST)
This shows that uw-imapd is responding in the clear for connections to
port 993 over ipv6, but currently encrypted on port 993 over ipv4.
Nick
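
The telnet check from the message above (connect to the implicit-TLS port, send nothing, and see whether the server speaks first) as an added example that is not part of the original message or of uw-imap. The names `classify`, `probe`, `audit` and `fake_server` are hypothetical, and the local listener and its greeting are constructed for the demo.

```python
import socket
import threading

def classify(data):
    """Classify what an implicit-TLS port sent before any ClientHello."""
    if data is None:
        return "silent"          # expected: a TLS server waits for the client
    if data == b"":
        return "closed"
    if data.startswith((b"* OK", b"* PREAUTH", b"* BYE")):
        return "cleartext-imap"  # IMAP greeting sent without TLS
    return "unexpected-data"

def probe(sockaddr, family, timeout=3.0):
    """Connect, send nothing, and read whatever the server volunteers."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)
        try:
            return classify(s.recv(512))
        except socket.timeout:
            return classify(None)

def audit(host, port=993, timeout=3.0):
    """Probe every IPv4 and IPv6 address of host; return {address: verdict}."""
    results = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        if family in (socket.AF_INET, socket.AF_INET6):
            try:
                results[sockaddr[0]] = probe(sockaddr, family, timeout)
            except OSError as exc:
                results[sockaddr[0]] = "connect-failed: %s" % exc
    return results

def fake_server(greeting):
    """Constructed local listener for the demo; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)     # b"" sends nothing, like a TLS server
        threading.Event().wait(2)  # hold the connection open
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(audit("127.0.0.1", fake_server(b"* OK [CAPABILITY IMAP4REV1 STARTTLS] constructed\r\n"), 1.0))
```

Run against a dual-stack hostname, `audit` reports one verdict per address, so a server that is silent on its IPv4 address but returns `cleartext-imap` on its IPv6 address matches the behaviour shown in the transcript.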