Nick Simicich wrote:
> 
> I did some searches in the archives.  If there is anything similar,
> searching on Eudora and ssl or tls didn't find it.  Eudora will not
> complete TLS negotiation with Cyrus.
> 
> I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box.
> 
> I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm)
> openssl-0.9.6b-7.
> 
> I have generated a server key that works with Eudora 5.1 when I use it to
> communicate with smtp and Postfix.  It is not signed by a "known CA" but
> Eudora allows you to "trust" a particular certificate.  smtp goes through
> the postfix use of the SSL library.  However, when I use that same key to
> connect to imap on the alternate port, things just don't work.
> 
> The message (from Eudora) is:
> 
> SSL Negotiation failed: You have configured the personality/protocol to
> reject any exchange key lengths below 0. But the negotiated exchange key
> length is -1. Hence this established secure channel is
> unacceptable.  Connection will be dropped. Cause: (-6996)

From doc/faq.html in CVS (to be included in the 2.1 release):

Q: Eudora 5.x can't connect using STARTTLS ("SSL Negotiation Failed").
What should I do?

      A: First, complain to QUALCOMM because their STARTTLS
      implementation is broken. Eudora doesn't support TLSv1
      (per RFC2246) and Cyrus requires it. If you really need this
      before it is fixed in Eudora, remove or comment
      out the following lines in tls.c:

          if (tlsonly) {
              off |= SSL_OP_NO_SSLv2;
              off |= SSL_OP_NO_SSLv3;
          }


FYI, I have complained to QUALCOMM with no response.  Perhaps if more
people complain, they will do something about it.  After all, the
command IS called STARTTLS and not STARTSSL.

Ken
-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
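
Added example (not part of the original message, and not Cyrus or OpenSSL code): a small C check for diagnosing this kind of failure from the first bytes a client sends, reporting the highest protocol version it offers and whether a server applying the tlsonly mask quoted in the FAQ would accept it. The byte strings are constructed samples, and the function names and the accept rule are an assumed simplification of what the mask does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Highest version the client offers, as (major << 8) | minor:
 * 0x0002 = SSLv2, 0x0300 = SSLv3, 0x0301 = TLSv1 (RFC 2246).
 * Returns 0 when the bytes are not a ClientHello. */
static unsigned client_hello_version(const uint8_t *p, size_t n)
{
    /* SSLv2-compatible hello: 2-byte length with the high bit set,
     * message type 1, then the offered version. */
    if (n >= 5 && (p[0] & 0x80) && p[2] == 0x01)
        return ((unsigned)p[3] << 8) | p[4];
    /* SSLv3/TLS record: type 22 (handshake), record version, 2-byte length,
     * handshake type 1 (ClientHello), 3-byte length, client_version. */
    if (n >= 11 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01)
        return ((unsigned)p[9] << 8) | p[10];
    return 0;
}

/* Assumed model of the tlsonly mask: with SSLv2 and SSLv3 switched off,
 * only an offer of TLSv1 or later can complete the handshake. */
static int accepted(unsigned offered, int tlsonly)
{
    if (offered == 0)
        return 0;
    return tlsonly ? offered >= 0x0301 : 1;
}

/* Constructed samples: only the leading bytes of each hello are shown. */
static const uint8_t sslv3_hello[] = {0x16,0x03,0x00,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x00};
static const uint8_t tls1_hello[]  = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x01};
static const uint8_t v2compat_tls1[] = {0x80,0x2e,0x01,0x03,0x01};

int main(void)
{
    const struct { const char *name; const uint8_t *p; size_t n; } s[] = {
        {"SSLv3-only client", sslv3_hello, sizeof sslv3_hello},
        {"TLSv1 client", tls1_hello, sizeof tls1_hello},
        {"SSLv2-compatible hello offering TLSv1", v2compat_tls1, sizeof v2compat_tls1},
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        unsigned v = client_hello_version(s[i].p, s[i].n);
        printf("%-40s offers 0x%04x  tlsonly: %s\n", s[i].name, v,
               accepted(v, 1) ? "accepted" : "rejected");
    }
    return 0;
}
```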
