Bug#442271: courier-pop-ssl: pop3s does not work any more

2007-09-25 Thread Matthias Wimmer

Defining TLS_PROTOCOL to SSL2 is a bit problematic.

When left at SSL3, courier only accepts SSL3.x handshakes (not 
SSL2.0-compatibility ones). When the variable is set to 
SSL2, courier only accepts SSL2.0 and SSL2.0-compatibility handshakes. 
Therefore the setting SSL2 makes real SSL3.0 and TLS1.0 handshakes 
fail. This affects all mail clients that use GnuTLS instead of 
OpenSSL which does not use the old SSL2.0 compatible handshake (because 
it is not SSL2.0 compatible) but uses a real SSL3.0 or TLS handshake.


The value SSL23 really should get added to the Debian package also for 
version 0.56.0 as a Debian add-on. The patch is trivial:


--- libcouriertls.c.orig2007-09-26 00:51:36.002558776 +0200
+++ libcouriertls.c 2007-09-26 00:08:10.081264858 +0200
@@ -419,6 +419,7 @@
ctx=SSL_CTX_new(protocol  strcmp(protocol, SSL2) == 0
? SSLv2_method():
protocol  strcmp(protocol, SSL3) == 0 ? SSLv3_method():
+   protocol  strcmp(protocol, SSL23) == 0 ? 
SSLv23_method():

TLSv1_method());

if (!ctx)
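
Review bot: SSLv23_method() in the added SSL23 branch also negotiates SSL 2.0, and nothing in the visible lines restricts the context afterwards. If SSL 2.0 is not meant to be offered under SSL23, set SSL_OP_NO_SSLv2 with SSL_CTX_set_options() once the if (!ctx) check has passed. The chain also still ends in TLSv1_method() for any value it does not recognise, so a misspelt TLS_PROTOCOL silently selects TLS1; consider logging unknown values, and document SSL23 next to SSL2, SSL3 and TLS1 wherever the setting is described.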



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
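
The framing difference described in the message above, as an added example (not code from Courier or from anyone in this thread): it classifies the first bytes of a client hello by wire format and applies the acceptance rules the message gives for SSL2 and SSL3. The function names and sample bytes are constructed for illustration, the SSL23 row assumes SSLv23_method() accepts both framings, and version negotiation inside a record-format hello is not modelled.

```c
#include <stdio.h>
#include <string.h>

enum hello_kind { HELLO_UNKNOWN, HELLO_SSL2, HELLO_SSL2_COMPAT, HELLO_RECORD };

/* Constructed sample prefixes (not captured traffic). */
static const unsigned char REC_HELLO[] = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x01};
static const unsigned char V2C_HELLO[] = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15,0x00,0x00,0x00,0x10};
static const unsigned char SSL2_HELLO[] = {0x80,0x1c,0x01,0x00,0x02,0x00,0x03,0x00,0x00,0x00,0x10};

/* Classify the first bytes a client sends on the SSL port. */
enum hello_kind classify_hello(const unsigned char *b, size_t n)
{
    /* SSL3/TLS record: type 0x16 (handshake), major version 3,
       two length bytes, then handshake type 0x01 (ClientHello). */
    if (n >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01)
        return HELLO_RECORD;
    /* SSL 2.0 framing: high bit set in a two-byte length, message type
       0x01, then the highest version the client offers. */
    if (n >= 5 && (b[0] & 0x80) && b[2] == 0x01) {
        if (b[3] == 0x00 && b[4] == 0x02)
            return HELLO_SSL2;         /* genuine SSL 2.0 */
        if (b[3] == 0x03)
            return HELLO_SSL2_COMPAT;  /* SSL 3.x/TLS offered in a 2.0 frame */
    }
    return HELLO_UNKNOWN;
}

/* SSL2 and SSL3 rows follow the message above; SSL23 is an assumption;
   every other value falls through to the TLS1 branch, as in the patch. */
int setting_accepts(const char *protocol, enum hello_kind k)
{
    if (k == HELLO_UNKNOWN)
        return 0;
    if (protocol && strcmp(protocol, "SSL2") == 0)
        return k == HELLO_SSL2 || k == HELLO_SSL2_COMPAT;
    if (protocol && strcmp(protocol, "SSL23") == 0)
        return 1;
    return k == HELLO_RECORD;          /* SSL3, TLS1 and the default */
}

int main(void)
{
    const char *settings[] = {"SSL2", "SSL3", "SSL23"};
    for (int i = 0; i < 3; i++)
        printf("%-5s record=%d v2compat=%d\n", settings[i],
               setting_accepts(settings[i], classify_hello(REC_HELLO, sizeof REC_HELLO)),
               setting_accepts(settings[i], classify_hello(V2C_HELLO, sizeof V2C_HELLO)));
    return 0;
}
```
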



Bug#442271: courier-pop-ssl: pop3s does not work any more

2007-09-14 Thread Jean-Christophe Dubacq
Package: courier-pop-ssl
Version: 0.56.0-2
Severity: important

Hello,

Since switching to version 0.56.0-2 (from version 0.53.3-6), the
pop3-ssl service (and probably imap-ssl service also, but I will not
report bug since I do not use it right now) has trouble responding to
requests.

Client Application is Mail.app (OS X). Log message is:
Sep 14 16:57:54 oberon pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Sep 14 16:57:54 oberon pop3d-ssl: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Sep 14 16:58:27 oberon pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Sep 14 16:58:28 oberon last message repeated 3 times

(for example).

Downgrading works fine.
Config file:

SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
SSLLOGGEROPTS=-name=pop3d-ssl
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier/pop3d.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

This error is already mentioned on the web, no correct answer found...


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages courier-pop-ssl depends on:
ii  courier-pop   0.56.0-2   Courier Mail Server - POP3 server
ii  courier-ssl   0.56.0-2   Courier Mail Server - SSL/TLS Supp

courier-pop-ssl recommends no packages.

-- no debconf information






Bug#442271: courier-pop-ssl: pop3s does not work any more

2007-09-14 Thread Stefan Hornburg (Racke)
Jean-Christophe Dubacq wrote:
> Package: courier-pop-ssl
> Version: 0.56.0-2
> Severity: important
>
> Hello,
>
> Since switching to version 0.56.0-2 (from version 0.53.3-6), the
> pop3-ssl service (and probably imap-ssl service also, but I will not
> report bug since I do not use it right now) has trouble responding to
> requests.
>
> Client Application is Mail.app (OS X). Log message is:
> Sep 14 16:57:54 oberon pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> Sep 14 16:57:54 oberon pop3d-ssl: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> Sep 14 16:58:27 oberon pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> Sep 14 16:58:28 oberon last message repeated 3 times
>
> (for example).
>
> Downgrading works fine.
> Config file:
>
> SSLPORT=995
> SSLADDRESS=0
> SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
> SSLLOGGEROPTS=-name=pop3d-ssl
> POP3DSSLSTART=YES
> POP3_STARTTLS=YES
> POP3_TLS_REQUIRED=0
> COURIERTLS=/usr/bin/couriertls
> TLS_PROTOCOL=SSL3
> TLS_STARTTLS_PROTOCOL=TLS1
> TLS_CERTFILE=/etc/courier/pop3d.pem
> TLS_VERIFYPEER=NONE
> TLS_CACHEFILE=/var/lib/courier/couriersslcache
> TLS_CACHESIZE=524288
> MAILDIRPATH=Maildir
>
> This error is already mentioned on the web, no correct answer found...

Changing TLS_PROTOCOL to SSL2 fixed the problem with Thunderbird. 

New release of Courier upstream will include the following:

New option for TLS_PROTOCOL and SSL_PROTOCOL: SSL23 - equivalent to
SSL3 in Courier 0.56.

Regards
Racke


-- 
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange Development Team



