[mew-int 2912] Re: Problems connecting to imap with TLS

Mon Aug 30 17:09:57 JST 2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oh, and setting both to "993" does not help either, then
*Mew debug* ends with this:
- -----------------------------------------------------------
<SSL/TLS: >
2010.08.30 11:05:00 LOG5[26613:3077507952]: connect_blocking: connected
130.232.202.133:993
2010.08.30 11:05:00 LOG5[26613:3077507952]: 9529 connected remote server
from 192.168.11.3:45288
2010.08.30 11:05:00 LOG7[26613:3077507952]: Remote FD=14 initialized
2010.08.30 11:05:00 LOG5[26613:3077507952]: Negotiations for imap
(client side) started

<SSL/TLS: >
2010.08.30 11:06:00 LOG3[26613:3077507952]: readsocket (fdgetline):
Connection reset by peer (104)
2010.08.30 11:06:00 LOG5[26613:3077507952]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2010.08.30 11:06:00 LOG7[26613:3077507952]: 9529 finished (0 left)
- ------------------------------------------------------------

which compared to the original settings:
- ---------------------------------------------------
<SSL/TLS: >
2010.08.30 09:31:11 LOG5[1013:3078433648]: connect_blocking: connected
130.232.202.133:143
2010.08.30 09:31:11 LOG5[1013:3078433648]: 10826 connected remote server
from 192.168.11.3:41954
2010.08.30 09:31:11 LOG7[1013:3078433648]: Remote FD=14 initialized
2010.08.30 09:31:11 LOG5[1013:3078433648]: Negotiations for imap (client
side) started

<SSL/TLS: >
2010.08.30 09:31:11 LOG3[1013:3078433648]: Input line too long
2010.08.30 09:31:11 LOG5[1013:3078433648]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2010.08.30 09:31:11 LOG7[1013:3078433648]: 10826 finished (0 left)
- --------------------------------------------------------

Does IMHO show, that with "143" there is a response from the other end,
and with "993" there isn't.

Hope this helps.

Best,

Harri K.

On 30/08/10 10:47, Harri Kiiskinen wrote:
> On 30/08/10 10:20, Harald Hanche-Olsen wrote:
>> + Harri Kiiskinen <harri.kiiskinen at example.com>:
> 
>>> 	 (imap-port 143)
>>> 	 (imap-ssl-port 143)
> 
>> They run imap over tls on port 143? Are you sure you got that right?
>> The corresponding lines in my setup look like this:
> 
>> 	   (imap-port "143")
>> 	   (imap-ssl-port "993")	; same port: use tls
> 
>> Try it and see if it doesn't help.
> 
> No improvement, but a change: no mention of TLSv1 in the mewstunnel
> config (below), and an error message in *Mew debug*, almost at the end
> of the log included further below.
> 
> The web page with instructions for Thunderbird (which does work,
> incidentally) says: server imap.utu.fi, security STARTTLS, port 143,
> auth.type 'normal password', perhaps meaning PLAIN.
> 
> Best,
> 
> Harri K.
> 
> 
> mewstunnel config:
> -----------------------------
> client=yes
> pid=
> verify=0
> foreground=yes
> debug=debug
> syslog=no
> CApath=/etc/ssl/certs
> [8597]
> accept=127.0.0.1:8597
> connect=imap.utu.fi:993
> ----------------------------
> 
> *Mew debug*
> -----------------------------------------------
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: RAND_status claims
> sufficient entropy for the PRNG
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: PRNG seeded successfully
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: Verify directory set to
> /etc/ssl/certs
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: Added /etc/ssl/certs
> revocation lookup directory
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: SSL context initialized for
> service 8597
> 2010.08.30 10:35:58 LOG5[25859:3074234576]: stunnel 4.29 on
> i486-pc-linux-gnu with OpenSSL 0.9.8o 01 Jun 2010
> 2010.08.30 10:35:58 LOG5[25859:3074234576]: Threading:PTHREAD SSL:ENGINE
> Sockets:POLL,IPv6 Auth:LIBWRAP
> 2010.08.30 10:35:58 LOG6[25859:3074234576]: file ulimit = 1024 (can be
> changed with 'ulimit -n')
> 2010.08.30 10:35:58 LOG6[25859:3074234576]: poll() used - no FD_SETSIZE
> limit for file descriptors
> 2010.08.30 10:35:58 LOG5[25859:3074234576]: 500 clients allowed
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 8 in non-blocking mode
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 11 in non-blocking mode
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: FD 12 in non-blocking mode
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: SO_REUSEADDR option set on
> accept socket
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: 8597 bound to 127.0.0.1:8597
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: No pid file being created
> 
> 
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG7[25859:3074234576]: 8597 accepted FD=13 from
> 127.0.0.1:51131
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 started
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: FD 13 in non-blocking mode
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: Waiting for a libwrap process
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: Acquired libwrap process #0
> 
> 
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: Releasing libwrap process #0
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: Released libwrap process #0
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 permitted by libwrap
> from 127.0.0.1:51131
> 2010.08.30 10:35:58 LOG5[25859:3077802864]: 8597 accepted connection
> from 127.0.0.1:51131
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: FD 14 in non-blocking mode
> 2010.08.30 10:35:58 LOG6[25859:3077802864]: connect_blocking: connecting
> 130.232.202.133:993
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: connect_blocking:
> s_poll_wait 130.232.202.133:993: waiting 10 seconds
> 
> 
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG5[25859:3077802864]: connect_blocking: connected
> 130.232.202.133:993
> 2010.08.30 10:35:58 LOG5[25859:3077802864]: 8597 connected remote server
> from 192.168.11.3:47252
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: Remote FD=14 initialized
> 
> 
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL state (connect):
> before/connect initialization
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL state (connect): SSLv3
> write client hello A
> 
> 
> <SSL/TLS: >
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: SSL alert (write): fatal:
> handshake failure
> 2010.08.30 10:35:58 LOG3[25859:3077802864]: SSL_connect: 1408F10B:
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> 2010.08.30 10:35:58 LOG5[25859:3077802864]: Connection reset: 0 bytes
> sent to SSL, 0 bytes sent to socket
> 2010.08.30 10:35:58 LOG7[25859:3077802864]: 8597 finished (0 left)
> ----------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx7Z1MACgkQ96/ytBLubNlvLQCfT4IpiivOuA7dt3vmtmQuGhZL
sJsAn1ojetLUi4l3U4oAFQu0QIZ5ZdoV
=b4We
-----END PGP SIGNATURE-----