I wil complain too!!
Rick On Thu, 27 Sep 2001, Ken Murchison wrote: > > > Nick Simicich wrote: > > > > I did some searches in the archives. If there is anything similar, > > searching on Eudora and ssl or tls didn't find it. Eudora will not > > complete TLS negotiation with Cyrus. > > > > I am running Redhat Roswell (the current Redhat Beta, 7.1+) on an Intel box. > > > > I am running cyrus-imapd-2.0.15-HIERSEP-r2, and (from the Redhat rpm) > > openssl-0.9.6b-7. > > > > I have generated a server key that works with Eudora 5.1 when I use it to > > communicate with smtp and Postfix. It is not signed by a "known CA" but > > Eudora allows you to "trust" a particular certificate. smtp goes through > > the postfix use of the SSL library. However, when I use that same key to > > connect to imap on the alternate port, things just don't work. > > > > The message (from Eudora) is: > > > > SSL Negotiation failed: You have configured the personality/protocol to > > reject any exchange key lengths below 0. But the negotiated exchange key > > length is -1. Hence this established secure channel is > > unacceptable. Connection will be dropped. Cause: (-6996) > > >From doc/faq.html in CVS (to be inluded in the 2.1 release): > > Q: Eudora 5.x can't connect using STARTTLS ("SSL Neogotiation Failed"). > What should I do? > > A: First, complain to QUALCOMM because their STARTTLS > implementation is broken. Eudora doesn't support TLSv1 > (per RFC2246) and Cyrus requires it. If you really need this > before it is fixed in Eudora, remove or comment > out the following lines in tls.c: > > if (tlsonly) { > off |= SSL_OP_NO_SSLv2; > off |= SSL_OP_NO_SSLv3; > } > > > FYI, I have complained to QUALCOMM with no response. Perhaps if more > people complain, they will do something about it. After all, the > command IS called STARTTLS and not STARTSSL. > > Ken > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp >