Date: Fri, 05 Oct 2007 20:14:37 -0400 From: Mike Andrews <mandrews@bit0.com> To: Edward Buck <ed@bashware.net> Cc: ports@FreeBSD.org, oliver@FreeBSD.org Subject: Re: FreeBSD Port: courier-imap-4.2.0 ssl failure on port 993 Message-ID: <4706D36D.8070103@bit0.com> In-Reply-To: <4706D1B4.8090803@bashware.net> References: <47066CFE.20301@bashware.net> <4706D1B4.8090803@bashware.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Edward Buck wrote: > Edward Buck wrote: >> This is regarding the recent update courier-imap-4.2.0. >> >> Not sure if something has changed in functionality or perhaps there was >> an incompatible configuration change but the update broke my imaps >> setup. I admit that my SSL libraries might be the problem since there >> was recently a security update for SSL. >> >> I updated SSL using freebsd-update (binary updates) which before today >> has been pretty reliable. Afterwards, my old courier-imap still worked >> fine (perhaps because it was still using the old libraries?). Then last >> night, I updated courier and imaps stopped working (I don't run anything >> on the standard imap port). >> >> The error is: >> >> Oct 5 09:40:00 kafka imapd-ssl: couriertls: connect: error:1408F10B:SSL >> routines:SSL3_GET_RECORD:wrong version number > > Here's an update on this issue. I forgot to mention earlier than the > system is FreeBSD 6.2 p8. > > The problem seems to be specific to imapd-ssl running on port 993. I > didn't spend a lot of time troubleshooting different clients. Previous > to the update, I used Thunderbird with SSL/port 993 without problems. > Strangely, Korn (KDE mail notifier) seemed to work okay on port 993. It > could be a client thing but I suspect they just default to different SSL > versions. > > TLS works just fine on port 143, which is the configuration I've been > meaning to switch to for some time. The update forced the issue and > thus, this problem is not really one anymore. But for those who are > still using imaps on port 993, the update (either the courier-imap > update or the SSL update) may cause some problems. I ran into this yesterday. Changing TLS_PROTOCOL=SSL3 to =SSL23 in /usr/local/etc/courier-imap/imapd-ssl (and pop3d-ssl) fixed it. In my case it was client-specific: Pine, and Nagios' check_imap plugin, would generate that exact error... but Thunderbird 2.0 would be fine. I didn't test any other clients. Some Googling showed that this was a change in Courier, not FreeBSD specific -- but it might be worth a note in /usr/ports/UPDATING?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4706D36D.8070103>