I wil complain too!!
Rick
On Thu, 27 Sep 2001, Ken Murchison wrote:
>
>
> Nick Simicich wrote:
> >
> > I did some searches in the archives. If there is anything similar,
> > searching on Eudora and ssl or tls didn't find it. Eudora will not
> > complete TLS negotiation with Cyrus.
> >
> > I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box.
> >
> > I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm)
> > openssl-0.9.6b-7.
> >
> > I have generated a server key that works with Eudora 5.1 when I use it to
> > communicate with smtp and Postfix. It is not signed by a "known CA" but
> > Eudora allows you to "trust" a particular certificate. smtp goes through
> > the postfix use of the SSL library. However, when I use that same key to
> > connect to imap on the alternate port, things just don't work.
> >
> > The message (from Eudora) is:
> >
> > SSL Negotiation failed: You have configured the personality/protocol to
> > reject any exchange key lengths below 0. But the negotiated exchange key
> > length is -1. Hence this established secure channel is
> > unacceptable. Connection will be dropped. Cause: (-6996)
>
> >From doc/faq.html in CVS (to be inluded in the 2.1 release):
>
> Q: Eudora 5.x can't connect using STARTTLS ("SSL Neogotiation Failed").
> What should I do?
>
> A: First, complain to QUALCOMM because their STARTTLS
> implementation is broken. Eudora doesn't support TLSv1
> (per RFC2246) and Cyrus requires it. If you really need this
> before it is fixed in Eudora, remove or comment
> out the following lines in tls.c:
>
> if (tlsonly) {
> off |= SSL_OP_NO_SSLv2;
> off |= SSL_OP_NO_SSLv3;
> }
>
>
> FYI, I have complained to QUALCOMM with no response. Perhaps if more
> people complain, they will do something about it. After all, the
> command IS called STARTTLS and not STARTSSL.
>
> Ken
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26 Orchard Park, NY 14127
> --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
>
