On Sun, Oct 11, 2015 at 2:40 PM, Sam Varshavchik <mr...@courier-mta.com>
wrote:

> bit_hi te writes:
>
>> Hi,
>>
>> I've managed to solve the "return code: 21 (unable to verify the first
>> certificate)" part.
>> Did a "cat server_ssl_cert.pem CA_intermediate_cert.crt CA_root_cert.crt
>> > imapd.pem" and set this as TLS_CERTFILE (no change of TLS_TRUSTCERTS).
>>
>> Still don't have TLS working though. The connection hangs as below:
>>
>> $ openssl s_client -starttls imap -tls1_2 -connect hostname:993 -crlf
>> CONNECTED(00000003)
>>
>
> "Don't have TLS working" is a very generic, but not a very useful
> description. Instead of paraphrasing what you did, you need to show
> explicitly what configuration settings you're trying to use.
>

True. Please find below the configuration file with no comments:

SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=NO
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=1
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL="TLS1_2"
TLS_CIPHER_LIST="TLSv1.2:!TLSv1_1:!TLSv1:HIGH:!SSLv3:!SSLv2!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!aDH:!DH"
TLS_STARTTLS_PROTOCOL="TLS1_2"
TLS_CERTFILE=/etc/courier-imap/imapd.pem
TLS_DHPARAMS=/etc/courier-imap/imapd_dhparams.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=PEER
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288


Thanks for your help!