I apologize that this is a FAQ and will now scurry off to recompile.

Yep, that does it, it established an SSLv3 connection immediately, authenticated without a problem.

Are there more Eudora related questions in this 2.1 FAQ? Is it available anywhere? Ah, you said it was available in CVS, I'll try to figure out how to access it, I'm not a CVS maven by any stretch of the imagination, I think I used it from a cookbook once several years ago.

I will write a note to their tech support. RFC2246 describes TLS. It looks like the Standards Track RFC that requires TLS for the STARTTLS command is RFC2595, specifically section 2.1, Cipher Suite Requirements. So it looks like they are in violation of 2595. Perhaps the FAQ should be updated to point to 2595, the requirement that TLS is a requirement for implementation of the STARTTLS command is very clear there.

At 08:16 AM 9/27/2001 -0400, Ken Murchison wrote:
>Nick Simicich wrote:
> >
> > I did some searches in the archives. If there is anything similar,
> > searching on Eudora and ssl or tls didn't find it. Eudora will not
> > complete TLS negotiation with Cyrus.
> >
> > I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box.
> >
> > I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm)
> > openssl-0.9.6b-7.
> >
> > I have generated a server key that works with Eudora 5.1 when I use it to
> > communicate with smtp and Postfix. It is not signed by a "known CA" but
> > Eudora allows you to "trust" a particular certificate. smtp goes through
> > the postfix use of the SSL library. However, when I use that same key to
> > connect to imap on the alternate port, things just don't work.
> >
> > The message (from Eudora) is:
> >
> > SSL Negotiation failed: You have configured the personality/protocol to
> > reject any exchange key lengths below 0. But the negotiated exchange key
> > length is -1. Hence this established secure channel is
> > unacceptable. Connection will be dropped. Cause: (-6996)
>
>From doc/faq.html in CVS (to be included in the 2.1 release):
>
>Q: Eudora 5.x can't connect using STARTTLS ("SSL Negotiation Failed").
>What should I do?
>
>A: First, complain to QUALCOMM because their STARTTLS
>implementation is broken. Eudora doesn't support TLSv1
>(per RFC2246) and Cyrus requires it. If you really need this
>before it is fixed in Eudora, remove or comment
>out the following lines in tls.c:
>
>    if (tlsonly) {
>        off |= SSL_OP_NO_SSLv2;
>        off |= SSL_OP_NO_SSLv3;
>    }
>
>FYI, I have complained to QUALCOMM with no response. Perhaps if more
>people complain, they will do something about it. After all, the
>command IS called STARTTLS and not STARTSSL.

--
We often hear of war described as if it were some kind of impersonal affliction, such as the Black Plague or famine. The fact is that war is not just something that happens, it is something that people make happen, and they make it happen for reasons. As Clausewitz said, war is the continuation of politics by other means. Exactly. War is neither a hurricane nor a flood. It is, on the contrary, the cutting edge of ideology. -- Jeff Cooper

Nick Simicich - [EMAIL PROTECTED] - http://scifi.squawk.com/njs.html
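The version mismatch discussed in this thread, as an added example that is not part of the original message and is not Cyrus or Eudora code: it reads the highest protocol version a ClientHello offers and models which version a server would select. The function names, the `TLS_ONLY` and `PATCHED` sets (standing in for tls.c with and without the two `SSL_OP_NO_*` lines, assuming the server otherwise enables all three versions) and the sample hello bytes are constructed for illustration.

```python
import struct

# Wire values of the protocol versions named in the thread.
SSL2, SSL3, TLS1 = 0x0002, 0x0300, 0x0301
NAMES = {SSL2: "SSLv2", SSL3: "SSLv3", TLS1: "TLSv1"}

# Assumed models of the server's enabled versions (hypothetical names).
TLS_ONLY = {TLS1}             # SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 set
PATCHED = {SSL2, SSL3, TLS1}  # the two lines removed from tls.c

def client_max_version(data: bytes) -> int:
    """Return the highest protocol version offered in a ClientHello."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 2-byte length (high bit set), msg type 1, version.
        return struct.unpack_from(">H", data, 3)[0]
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSLv3/TLS record (type 22) holding a ClientHello (handshake type 1):
        # 5-byte record header, 4-byte handshake header, then client_version.
        return struct.unpack_from(">H", data, 9)[0]
    raise ValueError("not a ClientHello")

def negotiate(hello: bytes, server_enabled: set) -> str:
    """Pick the highest server-enabled version not above the client's offer."""
    offered = client_max_version(hello)
    usable = [v for v in server_enabled if v <= offered]
    if not usable:
        raise ConnectionError("no common version; client offers at most "
                              + NAMES.get(offered, hex(offered)))
    return NAMES[max(usable)]

def make_hello(version: int) -> bytes:
    """Constructed ClientHello prefix: headers, client_version, zero random."""
    body = struct.pack(">H", version) + bytes(32)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", version, len(hs)) + hs

if __name__ == "__main__":
    for label, enabled in (("TLS_ONLY", TLS_ONLY), ("PATCHED", PATCHED)):
        try:
            print(label, "->", negotiate(make_hello(SSL3), enabled))
        except ConnectionError as exc:
            print(label, "-> handshake fails:", exc)
```
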