[email protected] writes:
The variable TLS_PROTOCOL was unset. So I tried to set it to TLS1.2, but I get the same error.
No, leave the setting at the default value. Before attempting to restrict the configuration to a specific protocol, get it working for the generic default case.
Also check TLS_STARTTLS_PROTOCOL too. TLS_PROTOCOL is for imapd-ssl, TLS_STARTTLS_PROTOCOL is for imap with STARTTLS.
My Debian is "uptodate". Yesterday I already checked it with aptitude update && aptitude safe-upgrade. The version of courier-imap-ssl is 4.15-1.6. I ve already reinstalled courier*. I dont know what is broken.
That version is almost two years old. The current version is 4.17.1
Two weeks ago I just had to renew my certificates, same procedure as every year. But this time I get the error.
I don't know offhand if a certificate can restrict the list of allowed ciphers and/or cipher strength. In 4.16 the default length of DH parameters was changed from 512 to 2048 bits; perhaps current certs require strong ciphers, and 2048 bit DH parameters.
Try regenerating DH parameters by rerunning the mkdhparams script, setting the DH_BITS environment variable to 2048, before running the script.
pgphAY_CNCUhU.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
