[mew-int 2911] Re: Problems connecting to imap with TLS

Harri Kiiskinen harri.kiiskinen at example.com
Mon Aug 30 16:47:31 JST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 30/08/10 10:20, Harald Hanche-Olsen wrote:
> + Harri Kiiskinen <harri.kiiskinen at example.com>:
> 
>> 	 (imap-port 143)
>> 	 (imap-ssl-port 143)
> 
> They run imap over tls on port 143? Are you sure you got that right?
> The corresponding lines in my setup look like this:
> 
> 	   (imap-port "143")
> 	   (imap-ssl-port "993")	; same port: use tls
> 
> Try it and see if it doesn't help.

No improvement, but a change: no mention of TLSv1 in the mewstunnel
config (below), and an error message in *Mew debug*, almost at the end
of the log included further below.

The web page with instructions for Thunderbird (which does work,
incidentally) says: server imap.utu.fi, security STARTTLS, port 143,
auth.type 'normal password', perhaps meaning PLAIN.

Best,

Harri K.


mewstunnel config:
- -----------------------------
client=yes
pid=
verify=0
foreground=yes
debug=debug
syslog=no
CApath=/etc/ssl/certs
[8597]
accept=127.0.0.1:8597
connect=imap.utu.fi:993
- ----------------------------

*Mew debug*
- -----------------------------------------------
<SSL/TLS: >
2010.08.30 10:35:58 LOG7[25859:3074234576]: RAND_status claims
sufficient entropy for the PRNG
2010.08.30 10:35:58 LOG7[25859:3074234576]: PRNG seeded successfully
2010.08.30 10:35:58 LOG7[25859:3074234576]: Verify directory set to
/etc/ssl/certs
2010.08.30 10:35:58 LOG7[25859:3074234576]: Added /etc/ssl/certs
revocation lookup directory
2010.08.30 10:35:58 LOG7[25859:3074234576]: SSL context initialized for
service 8597
2010.08.30 10:35:58 LOG5[25859:3074234576]: stunnel 4.29 on
i486-pc-linux-gnu with OpenSSL 0.9.8o 01 Jun 2010
2010.08.30 10:35:58 LOG5[25859:3074234576]: Threading:PTHREAD SSL:ENGINE
Sockets:POLL,IPv6 Auth:LIBWRAP
2010.08.30 10:35:58 LOG6[25859:3074234576]: file ulimit = 1024 (can be
changed with 'ulimit -n')
2010.08.30 10:35:58 LOG6[25859:3074234576]: poll() used - no FD_SETSIZE
limit for file descriptors
2010.08.30 10:35:58 LOG5[25859:3074234576]: 500 clients allowed
2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 8 in non-blocking mode
2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 11 in non-blocking mode
2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 12 in non-blocking mode
2010.08.30 10:35:58 LOG7[25859:3074234576]: SO_REUSEADDR option set on
accept socket
2010.08.30 10:35:58 LOG7[25859:3074234576]: 8597 bound to 127.0.0.1:8597
2010.08.30 10:35:58 LOG7[25859:3074234576]: No pid file being created


<SSL/TLS: >
2010.08.30 10:35:58 LOG7[25859:3074234576]: 8597 accepted FD=13 from
127.0.0.1:51131
2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 started
2010.08.30 10:35:58 LOG7[25859:3077802864]: FD 13 in non-blocking mode
2010.08.30 10:35:58 LOG7[25859:3077802864]: Waiting for a libwrap process
2010.08.30 10:35:58 LOG7[25859:3077802864]: Acquired libwrap process #0


<SSL/TLS: >
2010.08.30 10:35:58 LOG7[25859:3077802864]: Releasing libwrap process #0
2010.08.30 10:35:58 LOG7[25859:3077802864]: Released libwrap process #0
2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 permitted by libwrap
from 127.0.0.1:51131
2010.08.30 10:35:58 LOG5[25859:3077802864]: 8597 accepted connection
from 127.0.0.1:51131
2010.08.30 10:35:58 LOG7[25859:3077802864]: FD 14 in non-blocking mode
2010.08.30 10:35:58 LOG6[25859:3077802864]: connect_blocking: connecting
130.232.202.133:993
2010.08.30 10:35:58 LOG7[25859:3077802864]: connect_blocking:
s_poll_wait 130.232.202.133:993: waiting 10 seconds


<SSL/TLS: >
2010.08.30 10:35:58 LOG5[25859:3077802864]: connect_blocking: connected
130.232.202.133:993
2010.08.30 10:35:58 LOG5[25859:3077802864]: 8597 connected remote server
from 192.168.11.3:47252
2010.08.30 10:35:58 LOG7[25859:3077802864]: Remote FD=14 initialized


<SSL/TLS: >
2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL state (connect):
before/connect initialization
2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL state (connect): SSLv3
write client hello A


<SSL/TLS: >
2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL alert (write): fatal:
handshake failure
2010.08.30 10:35:58 LOG3[25859:3077802864]: SSL_connect: 1408F10B:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2010.08.30 10:35:58 LOG5[25859:3077802864]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 finished (0 left)
- ----------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx7YhAACgkQ96/ytBLubNnvpACfQ/06FvPjvBdJzIGXurwqAeHq
5FEAnjOGrmoUO/QcrwPx13b5+tzbuscU
=48SB
-----END PGP SIGNATURE-----

More information about the Mew-int mailing list