Treo 650 SSL Interaction with Cyrus

[Alec H. Peterson]

Hi there,
I am using a Treo 650 with Chatter IMAP (which has IDLE support) to sync 
with my Cyrus IMAP folders.  It works great over port 143, however over 
port 993 the SSL refuses to synchronize.  I've already been in contact with 
the developer of Chatter, and he says the SSL API on the Treo gives the 
developer very little to play with.  Furthermore, when using STARTTLS with 
the SMTP functionality against my Exim SMTP server (which has the same 
version of OpenSSL and uses the same certificate) it works just fine.  This 
leads me to believe that something Cyrus is doing with OpenSSL is not 
agreeing with the Treo's SSL library.

Note that Chatter only supports IMAP over port 993, not STARTTLS IMAP at 
this stage.

Anyway, I have attached a debugging log of the failed SSL negotiation from 
the server side.  If somebody with some insight in to Cyrus's use of 
OpenSSL could give me a clue about where to look to try and narrow this 
down that would be really helpful.

Thanks much,
Alec
Feb 16 17:10:12 ramirez master[32384]: about to exec /usr/cyrus/bin/imapd
Feb 16 17:10:12 ramirez imaps[32384]: executed
Feb 16 17:10:17 ramirez imaps[32289]: starting TLS server engine
Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
Feb 16 17:10:17 ramirez imaps[32289]: TLS server engine: cannot load CA data
Feb 16 17:10:17 ramirez imaps[32289]: setting up TLS connection
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:before/accept 
initialization
Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33 01 00 00|2f 03
Feb 16 17:10:17 ramirez imaps[32289]: 000b - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: 0000 3a 5e df 74 53 01 eb 69|dc bc fd 
ff 0c c8 82 39
Feb 16 17:10:17 ramirez imaps[32289]: 0010 5c b8 89 33 35 6e 05 d4|79 e3 71 
5e 45 3b 59 f7
Feb 16 17:10:17 ramirez imaps[32289]: 0020 00 00 08 00 04 00 05 00|64 00 03 
01
Feb 16 17:10:17 ramirez imaps[32289]: 002d - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
Feb 16 17:10:17 ramirez imaps[32289]: 0000 16 03 00 00 33
Feb 16 17:10:17 ramirez imaps[32289]: 0000 01 00 00 2f 03 00 3a 5e|df 79 72 
fb fa f8 ec 93
Feb 16 17:10:17 ramirez imaps[32289]: 0010 3b c4 07 94 20 12 88 f7|e0 25 ae 
2b 88 39 e7 b1
Feb 16 17:10:17 ramirez imaps[32289]: 0020 5b 68 c5 b3 a5 6f 00 00|08 00 04 
00 05 00 64 00
Feb 16 17:10:17 ramirez imaps[32289]: 0030 03 01
Feb 16 17:10:17 ramirez imaps[32289]: 0033 - <SPACES/NULS>
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 read client hello C
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server hello A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write certificate A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 write server done A
Feb 16 17:10:17 ramirez imaps[32289]: SSL_accept:SSLv3 flush data
Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 84
Feb 16 17:10:18 ramirez imaps[32289]: 0000 10 00 00 80 24 1e d6 0f|b4 25 7c 
d8 c5 3e 66 78
Feb 16 17:10:18 ramirez imaps[32289]: 0010 d3 e8 fc 2c 22 14 b5 9c|35 a0 33 
cc e8 aa bd f3
Feb 16 17:10:18 ramirez imaps[32289]: 0020 0e 19 c8 55 ae 87 2a 3b|89 c2 9b 
19 3d 07 4c aa
Feb 16 17:10:18 ramirez imaps[32289]: 0030 a8 43 bf 1b 69 a6 37 15|81 94 89 
a2 ae 5f 25 76
Feb 16 17:10:18 ramirez imaps[32289]: 0040 f7 24 61 1a ea c6 5d af|88 95 02 
fa c3 c9 fc 33
Feb 16 17:10:18 ramirez imaps[32289]: 0050 8f 74 45 58 02 54 b8 68|c1 90 78 
6a c9 fe 14 0f
Feb 16 17:10:18 ramirez imaps[32289]: 0060 29 e6 73 68 5a 1d 87 38|33 c9 a6 
60 dc e3 44 8b
Feb 16 17:10:18 ramirez imaps[32289]: 0070 58 79 a5 b8 af 30 6d 60|19 a6 df 
60 0f c5 fa ea
Feb 16 17:10:18 ramirez imaps[32289]: 0080 0c 8d 56 67
Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:SSLv3 read client key 
exchange A
Feb 16 17:10:18 ramirez imaps[32289]: 0000 14 03 00 00 01
Feb 16 17:10:18 ramirez imaps[32289]: 0000 01
Feb 16 17:10:18 ramirez imaps[32289]: 0000 16 03 00 00 38
Feb 16 17:10:18 ramirez imaps[32289]: 0000 48 26 76 cc 52 e3 92 ca|bc bf 8d 
38 17 13 73 1a
Feb 16 17:10:18 ramirez imaps[32289]: 0010 20 4d 62 94 fb a2 39 51|d3 ef c9 
59 91 6f 28 f0
Feb 16 17:10:18 ramirez imaps[32289]: 0020 41 7f a1 39 96 d8 ad 73|5b ed 27 
db 33 dc 21 0f
Feb 16 17:10:18 ramirez imaps[32289]: 0030 c3 46 04 20 54 6e e0 c1|
Feb 16 17:10:18 ramirez imaps[32289]: SSL3 alert write:fatal:bad record mac
Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read 
certificate verify A
Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 
032-374-746.area5.spcsdns.net [70.2.19.200]
Feb 16 17:10:18 ramirez imaps[32289]: SSL_accept:error in SSLv3 read 
certificate verify A
Feb 16 17:10:18 ramirez imaps[32289]: imaps TLS negotiation failed: 
032-374-746.area5.spcsdns.net [70.2.19.200]
Feb 16 17:10:18 ramirez imaps[32289]: Fatal error: tls_start_servertls() 
failed