Erwan David escribió: > On Tue, Mar 03, 2009 at 12:05:59PM CET, "Stefan Hornburg (Racke)" > <ra...@linuxia.de> said: > >> Erwan David wrote: >> >>> On Tue, Mar 03, 2009 at 11:01:20AM CET, Stefan Hornburg <ra...@linuxia.de> >>> said: >>> >>>> Erwan David wrote: >>>> >>>>> Package: courier-imap-ssl >>>>> Version: 4.4.0-2 >>>>> Severity: grave >>>>> Justification: renders package unusable >>>>> >>>>> Since upgrade to lenny, I cannot get a ssl connection with >>>>> courier-imap. Here is the log: >>>>> >>>>> Mar 3 09:55:09 maio imapd-ssl: couriertls: connect: error:1408F10B:SSL >>>>> routines:SSL3_GET_RECORD:wrong version number >>>>> >>>>> I get same error when I use fetchmail, mutt or openssl s_client to >>>>> connect. >>>>> >>>>> courier-pop-ssl works. >>>>> >>>> How does your /etc/courier/imapd-ssl configuration file look like? >>>> >>>> Regards >>>> Racke >>>> >>> Find it at the end of the message. Please note that courier-pop-ssl >>> works with the same settings. >>> >>> If I set TLS_PROTOCOL to SSL23, I get a "no shared ciphers" error, >>> even if I set TLS_CIPHER_LIST to ALL >>> >> What happens if you don't set TLS_PROTOCOL at all? >> >> Regards >> Racke >> > > Error is > > Mar 3 13:11:41 maio imapd-ssl: couriertls: connect: error:1408A0C1:SSL > routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > If I add > TLS_CIPHER_LIST='SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength' > > or > TLS_CIPHER_LIST=ALL > > I get the same error. Even If I use > openssl s_client -connect maio:993 -cipher ALL on client side. > > > Helo Erwan.
Please try replacing the config with this: TLS_PROTOCOL=SSL3 TLS_STARTTLS_PROTOCOL=TLS1 TLS_CIPHER_LIST="ALL:!SSLv2:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH" That would use gnutls crypto instead openssl. Let's see if that helps finding out anything. Greetings, Dererk -- BOFH excuse #115: your keyboard's space bar is generating spurious keycodes.
signature.asc
Description: OpenPGP digital signature
