Been trying to secure my server for some time now, without success. If
someone could point me to the next step I'd be grateful. I've tried two
ways, following the instructions on the project website: with a local
keystore, and with a keystore using imported certificates from a
provider. I get the same result using either keystore. I'm testing using
the IMAP server. If I use true for both socketTLS and startTLS, the IMAP
server doesn't start. Using certificates from StartSSL, I've imported the
CA, the class 1 intermediate, and the certificate I created with the
keytool CSR. Whatever I do seems to make no difference to the result! The
server is listening, but the secure bit doesn't work! I'm running on
Ubuntu 12.10.

My IMAP configuration is as follows:
<bind>0.0.0.0:993</bind>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="false" startTLS="true">
  <keystore>file://conf/.keystore</keystore>
  <secret>envelope</secret>
  <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
</tls>
And using the openssl client, I get the following response:
openssl s_client -connect mail.mymailserver.com:993 -starttls imap
CONNECTED(00000003)
140127271982752:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
alert handshake failure:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 302 bytes and written 251 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
--
View this message in context:
http://james.10919.n7.nabble.com/STARTTLS-configuration-question-tp50107.html
Sent from the James - Users mailing list archive at Nabble.com.