[ On info-cyrus: ]
> I am seeing strange behavior with STARTTLS falling
> back to version 1 with Outlook clients; however, when I
> connect from localhost using openssl client command it
> appears ready to do business using version 3.
> I am using Cyrus 2.0.16 and OpenSSL 0.9.6 and am using
> Outlook as my client to retrieve mail. The client
> craps out with a very generic error message:
> Aug 27 01:51:38 catfish imapd[3266]: [ID 459655 local6.notice] TLS engine: cannot load CA data
> Aug 27 01:51:38 catfish imapd[3266]: [ID 781445 local6.notice] starttls: TLSv1 with cipher RC4-MD5 (128/128 bits) no authentication
> Aug 27 01:51:38 catfish master[3004]: [ID 310780 local6.debug] process 3266 exited, status 0
> Aug 27 01:55:53 catfish master[3280]: [ID 392559 local6.debug] about to exec /usr/local/bin/imapd
> Aug 27 01:55:53 catfish service-imaps[3280]: [ID 518349 local6.debug] executed
> Aug 27 01:55:53 catfish imapd[3280]: [ID 921384 local6.debug] accepted connection
> Aug 27 01:55:53 catfish imapd[3280]: [ID 459655 local6.notice] TLS engine: cannot load CA data
> Aug 27 01:55:53 catfish imapd[3280]: [ID 781445 local6.notice] starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
> Aug 27 02:00:06 catfish imapd[3280]: [ID 921384 local6.debug] accepted connection
> Aug 27 02:00:06 catfish imapd[3280]: [ID 781445 local6.notice] starttls: TLSv1 with cipher RC4-MD5 (128/128 bits) no authentication
> Aug 27 02:00:06 catfish master[3004]: [ID 310780 local6.debug] process 3280 exited, status 0
TLSv1 > SSL 3
I do not see any "falling back".
(And as far as I know OpenSSL supports only SSL >= 2)
--
/"\ | Kari
\ / ASCII Ribbon Campaign | Hurtta
X Against HTML Mail |
/ \ |