Re: Treo 650 SSL Interaction with Cyrus

[Alec H. Peterson]

Oh man that's twisted, as soon as I started looking at it with ssldump it 
started working properly.  Now I'm thoroughly confused.

Alec
--On February 17, 2005 9:27:55 -0500 Ken Murchison <[EMAIL PROTECTED]> wrote:
Alec H. Peterson wrote:
Hi there,
I am using a Treo 650 with Chatter IMAP (which has IDLE support) to sync
with my Cyrus IMAP folders.  It works great over port 143, however over
port 993 the SSL refuses to synchronize.  I've already been in contact
with the developer of Chatter, and he says the SSL API on the Treo gives
the developer very little to play with.  Furthermore, when using
STARTTLS with the SMTP functionality against my Exim SMTP server (which
has the same version of OpenSSL and uses the same certificate) it works
just fine.  This leads me to believe that something Cyrus is doing with
OpenSSL is not agreeing with the Treo's SSL library.
Note that Chatter only supports IMAP over port 993, not STARTTLS IMAP at
this stage.
Anyway, I have attached a debugging log of the failed SSL negotiation
from the server side.  If somebody with some insight in to Cyrus's use
of OpenSSL could give me a clue about where to look to try and narrow
this down that would be really helpful.
You're probably better off using something like SSLdump
(http://www.rtfm.com/ssldump/) to debug this.  It will provide you with
more extensive and more readable output.

Thanks much,
Alec
Feb 16 17:10:12 ramirez master[32384]: about to exec /usr/cyrus/bin/imapd
Feb 16 17:10:12 ramirez imaps[32384]: executed
Feb 16 17:10:17 ramirez imaps[32289]: starting TLS server engine
Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA
data
Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA
data
Feb 16 17:10:17 ramirez imaps[32289]: setting up TLS connection
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:before/accept
initialization
Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33 01 00 00|2f 03
Feb 16 17:10:17 ramirez imaps[32289]: 000b - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: 0000 3a 5e df 74 53 01 eb 69|dc bc
fd ff 0c c8 82 39
Feb 16 17:10:17 ramirez imaps[32289]: 0010 5c b8 89 33 35 6e 05 d4|79 e3
71 5e 45 3b 59 f7
Feb 16 17:10:17 ramirez imaps[32289]: 0020 00 00 08 00 04 00 05 00|64 00
03 01
Feb 16 17:10:17 ramirez imaps[32289]: 002d - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello
A Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server
hello A Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write
certificate A Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3
write server done A Feb 16 17:10:17 ramirez imaps[32289]:
SSL_accept:SSLv3 flush data Feb 16 17:10:17 ramirez imaps[32289]: 0000
16 03 00 00 33
Feb 16 17:10:17 ramirez imaps[32289]: 0000 01 00 00 2f 03 00 3a 5e|df 79
72 fb fa f8 ec 93
Feb 16 17:10:17 ramirez imaps[32289]: 0010 3b c4 07 94 20 12 88 f7|e0 25
ae 2b 88 39 e7 b1
Feb 16 17:10:17 ramirez imaps[32289]: 0020 5b 68 c5 b3 a5 6f 00 00|08 00
04 00 05 00 64 00
Feb 16 17:10:17 ramirez imaps[32289]: 0030 03 01
Feb 16 17:10:17 ramirez imaps[32289]: 0033 - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello
C Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server
hello A Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write
certificate A Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3
write server done A Feb 16 17:10:17 ramirez imaps[32289]:
SSL_accept:SSLv3 flush data Feb 16 17:10:18 ramirez imaps[32289]: 0000
16 03 00 00 84
Feb 16 17:10:18 ramirez imaps[32289]: 0000 10 00 00 80 24 1e d6 0f|b4 25
7c d8 c5 3e 66 78
Feb 16 17:10:18 ramirez imaps[32289]: 0010 d3 e8 fc 2c 22 14 b5 9c|35 a0
33 cc e8 aa bd f3
Feb 16 17:10:18 ramirez imaps[32289]: 0020 0e 19 c8 55 ae 87 2a 3b|89 c2
9b 19 3d 07 4c aa
Feb 16 17:10:18 ramirez imaps[32289]: 0030 a8 43 bf 1b 69 a6 37 15|81 94
89 a2 ae 5f 25 76
Feb 16 17:10:18 ramirez imaps[32289]: 0040 f7 24 61 1a ea c6 5d af|88 95
02 fa c3 c9 fc 33
Feb 16 17:10:18 ramirez imaps[32289]: 0050 8f 74 45 58 02 54 b8 68|c1 90
78 6a c9 fe 14 0f
Feb 16 17:10:18 ramirez imaps[32289]: 0060 29 e6 73 68 5a 1d 87 38|33 c9
a6 60 dc e3 44 8b
Feb 16 17:10:18 ramirez imaps[32289]: 0070 58 79 a5 b8 af 30 6d 60|19 a6
df 60 0f c5 fa ea
Feb 16 17:10:18 ramirez imaps[32289]: 0080 0c 8d 56 67
Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:SSLv3 read client key
exchange A
Feb 16 17:10:18 ramirez imaps[32289]: 0000 14 03 00 00 01
Feb 16 17:10:18 ramirez imaps[32289]: 0000 01
Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 38
Feb 16 17:10:18 ramirez imaps[32289]: 0000 48 26 76 cc 52 e3 92 ca|bc bf
8d 38 17 13 73 1a
Feb 16 17:10:18 ramirez imaps[32289]: 0010 20 4d 62 94 fb a2 39 51|d3 ef
c9 59 91 6f 28 f0
Feb 16 17:10:18 ramirez imaps[32289]: 0020 41 7f a1 39 96 d8 ad 73|5b ed
27 db 33 dc 21 0f
Feb 16 17:10:18 ramirez imaps[32289]: 0030 c3 46 04 20 54 6e e0 c1|
Feb 16 17:10:18 ramirez imaps[32289]: SSL3 alert write:fatal:bad record
mac Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read
certificate verify A
Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed:
032-374-746.area5.spcsdns.net [70.2.19.200]
Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read
certificate verify A
Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed:
032-374-746.area5.spcsdns.net [70.2.19.200]
Feb 16 17:10:18 ramirez imaps[32289]: Fatal error: tls_start_servertls()
failed

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
!DSPAM:4214a960220691250913787!



---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html