Thread: [courier-users] SSL3_GET_RECORD:wrong version number with iPhone
|
From: David E. W. <da...@ki...> - 2008-03-30 21:40:28
|
Howdy,
I just finished building a new courier-imap server on Ubuntu 7.10
"Gutsy Gibbon" using the packages installed via apt-get. It's working
great with my own self-signed certificate with TLS on port 143. Great,
that is, except for my iPhone. The iPhone complains:
Cannot Get Mail
Operation could not be completed (NSStreamSocketSSLErrorDomain
error -9844.)
Tailing the log on the server, I see the dreaded:
Mar 30 14:20:51 crocker imapd: Connection, ip=[::ffff:24.21.175.208]
Mar 30 14:20:51 crocker imapd: couriertls: accept: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
Mar 30 14:20:51 crocker imapd: Disconnected, ip=[::ffff:
24.21.175.208], time=0, starttls=1
I tried tweaking both TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL, setting
them each to various things (SSL23, SSL2, TLS1), and while Mail.app on
Leopard continues to work fine for most settings, it never does work
on the iPhone.
The installed packages are:
courier-imap 4.1.3-2ubuntu2 Courier Mail Server - IMAP server
courier-imap-ssl 4.1.3-2ubuntu2 Courier Mail Server - IMAP over
SSL
I get the same issue, BTW, when I try the openssl client:
% openssl s_client -starttls imap -connect localhost:143
CONNECTED(00000003)
write:errno=104
The log for this says:
Mar 30 14:28:43 crocker imapd: Connection, ip=[::ffff:127.0.0.1]
Mar 30 14:28:43 crocker imapd: couriertls: connect: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
Mar 30 14:28:43 crocker imapd: Disconnected, ip=[::ffff:127.0.0.1],
time=0, starttls=1
Might there be something I've missed in the configuration, or might
there be a bug in the Ubuntu builds of courier-imap?
Any advice or assistance would be much appreciated.
Best,
David
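Added example (not part of the original post, and not Courier's own tooling): a small Python triage script for the log lines quoted above. It decodes the packed error number 1408F10B into library, function and reason fields using the pre-3.0 OpenSSL layout, and attributes each couriertls failure to the preceding Connection line; that attribution is a heuristic which assumes connections are not interleaved. The sample log is constructed from the thread's lines with the mail wraps rejoined.

```python
import ipaddress
import re

# Constructed sample: the thread's log lines with mail-client wraps rejoined.
SAMPLE_LOG = """\
Mar 30 14:20:51 crocker imapd: Connection, ip=[::ffff:24.21.175.208]
Mar 30 14:20:51 crocker imapd: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mar 30 14:20:51 crocker imapd: Disconnected, ip=[::ffff:24.21.175.208], time=0, starttls=1
Mar 30 14:28:43 crocker imapd: Connection, ip=[::ffff:127.0.0.1]
Mar 30 14:28:43 crocker imapd: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mar 30 14:28:43 crocker imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0, starttls=1
Jul  1 22:23:15 crocker imapd: Connection, ip=[::ffff:67.160.131.113]
Jul  1 22:23:15 crocker imapd: LOGOUT, ip=[::ffff:67.160.131.113], rcvd=22, sent=369
"""

CONN_RE = re.compile(r"imapd: Connection, ip=\[([^\]]+)\]")
TLS_RE = re.compile(r"couriertls: (\w+): error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

def decode_err(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def client_ip(raw):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(raw)
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def tls_failures(log_text):
    """Return one record per couriertls error, tagged with the client IP."""
    # Heuristic: the error line carries no IP, so use the last Connection seen.
    failures, last_ip = [], None
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            last_ip = client_ip(m.group(1))
            continue
        m = TLS_RE.search(line)
        if m:
            op, code, _lib_name, func_name, text = m.groups()
            lib, func, reason = decode_err(code)
            failures.append({"ip": last_ip, "op": op, "lib": lib, "func": func,
                             "func_name": func_name, "reason": reason, "reason_text": text.strip()})
    return failures

if __name__ == "__main__":
    for f in tls_failures(SAMPLE_LOG):
        print(f)
```

The third connection in the sample produces no record: it ends in LOGOUT with no couriertls error, which matches the later stage of the thread where the handshake failure had gone from the server log.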
|
|
From: Sam V. <mr...@co...> - 2008-03-30 21:52:14
|
David E. Wheeler writes:
> I tried tweaking both TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL, setting
> them each to various things (SSL23, SSL2, TLS1), and while Mail.app on
> Leopard continues to work fine for most settings, it never does work
> on the iPhone.
>
> The installed packages are:
>
> courier-imap 4.1.3-2ubuntu2 Courier Mail Server - IMAP server
> courier-imap-ssl 4.1.3-2ubuntu2 Courier Mail Server - IMAP over
> SSL
Upgrade to 4.3.1, whose default SSL configuration is more tolerant.
|
From: David E. W. <da...@ki...> - 2008-03-30 22:44:29
|
On Mar 30, 2008, at 14:52, Sam Varshavchik wrote:
>> courier-imap 4.1.3-2ubuntu2 Courier Mail Server - IMAP server
>> courier-imap-ssl 4.1.3-2ubuntu2 Courier Mail Server - IMAP
>> over SSL
>
> Upgrade to 4.3.1, whose default SSL configuration is more tolerant.
Bah! Looks like hardy will have 4.3.0. :-( I'll have to ask around
among ubuntu-ers as to whether 4.3.1 will be rolled in before release
of hardy next month.
In the meantime, is there nothing I can do with 4.1.3 to get it to be
more tolerant?
Thanks,
David
|
From: Martin S. (I. IT OS D. CD) <Mar...@in...> - 2008-03-31 05:49:41
|
David E.Wheeler wrote:
> In the meantime, is there nothing I can do with 4.1.3 to get it to be
> more tolerant?
>
Don't know if this applies to your problem, but I got SSL working for 0.56.0
by adding a line to tcpd/libcouriertls.c:
--- tcpd/libcouriertls.c 2007/05/27 21:54:08 1.20
+++ tcpd/libcouriertls.c 2007/06/30 03:24:11 1.21
@@ -419,6 +419,7 @@
ctx=SSL_CTX_new(protocol && strcmp(protocol, "SSL2") == 0
? SSLv2_method():
protocol && strcmp(protocol, "SSL3") == 0 ? SSLv3_method():
+ protocol && strcmp(protocol, "SSL23") == 0 ? SSLv23_method():
TLSv1_method());
if (!ctx)
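Review bot: in the SSL_CTX_new(...) selector, the new "SSL23" branch hands the context SSLv23_method(), which negotiates any version both peers support, SSLv2 included, unless the context options exclude it, and no SSL_CTX_set_options call is visible in this hunk. Suggest setting SSL_OP_NO_SSLv2 on ctx after the if (!ctx) check when this branch is taken. Separately, any unrecognised protocol string still falls through silently to TLSv1_method(), so a typo in the setting pins TLSv1 with no log message; a warning on the fallthrough would make "wrong version number" failures easier to trace back to configuration.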
(you have to "apt-get source courier-imap", apply the patch and recompile --
ask google how to rebuild packages with Debian if you need instructions :)
hth,
--
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517
<Mar...@in...>
Lakeside B05
9020 Klagenfurt, Austria
FB: LG Klagenfurt, FN 246787y
VISIT US AT http://www.infineon.com/austria
|
|
From: David E. W. <da...@ki...> - 2008-03-31 17:04:36
|
On Mar 30, 2008, at 22:49, Martin Schuster (IFKL IT OS DSM CD) wrote:
> protocol && strcmp(protocol, "SSL3") == 0 ?
> SSLv3_method():
> + protocol && strcmp(protocol, "SSL23") == 0 ?
> SSLv23_method():
> TLSv1_method());
>
> if (!ctx)
>
> (you have to "apt-get source courier-imap", apply the patch and
> recompile --
> ask google how to rebuild packages with Debian if you need
> instructions :)
Looks like that patch is already in 4.1.3-2ubuntu2, which was
downloaded to courier-0.56.0. :-(
Thanks,
David
|
From: David E. W. <da...@ki...> - 2008-07-01 23:52:34
|
On Mar 30, 2008, at 14:52, Sam Varshavchik wrote:
> David E. Wheeler writes:
>
>> I tried tweaking both TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL,
>> setting them each to various things (SSL23, SSL2, TLS1), and while
>> Mail.app on Leopard continues to work fine for most settings, it
>> never does work on the iPhone.
>> The installed packages are:
>> courier-imap 4.1.3-2ubuntu2 Courier Mail Server - IMAP
>> server
>> courier-imap-ssl 4.1.3-2ubuntu2 Courier Mail Server - IMAP
>> over SSL
>
> Upgrade to 4.3.1, whose default SSL configuration is more tolerant.
Okay, finally managed to get upgraded:
$ dpkg -l | grep courier-imap
ii courier-imap 4.3.1-3ubuntu1~hardy1 Courier mail server - IMAP server
ii courier-imap-ssl 4.3.1-3ubuntu1~hardy1 Courier mail server - IMAP over SSL
However, I'm *still* getting this error on my iPhone:
Jul 1 16:12:26 crocker imapd: Connection, ip=[::ffff:67.160.131.113]
Jul 1 16:12:26 crocker imapd: couriertls: accept: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
Jul 1 16:12:26 crocker imapd: Disconnected, ip=[::ffff:
67.160.131.113], time=0, starttls=1
And I still get the same error when I use
openssl s_client -starttls imap -connect localhost:143
Is there something else I can try? Something in my configuration,
perhaps? I'm pretty confused with this…
Many thanks,
David
|
From: Gordon M. <yi...@eb...> - 2008-07-02 00:44:49
|
David E. Wheeler wrote:
> On Mar 30, 2008, at 14:52, Sam Varshavchik wrote:
>
>> David E. Wheeler writes:
>>
>>> I tried tweaking both TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL,
>>> setting them each to various things (SSL23, SSL2, TLS1), and while
>>> Mail.app on Leopard continues to work fine for most settings, it
>>> never does work on the iPhone.
>>> The installed packages are:
>>> courier-imap 4.1.3-2ubuntu2 Courier Mail Server - IMAP
>>> server
>>> courier-imap-ssl 4.1.3-2ubuntu2 Courier Mail Server - IMAP
>>> over SSL
>>>
>> Upgrade to 4.3.1, whose default SSL configuration is more tolerant.
>>
>
> Okay, finally managed to get upgraded:
> ...
> However, I'm *still* getting this error on my iPhone:
>
Did you migrate your old configuration or are you using the default?
The default configuration can't help you if you aren't using it. ;)
Remove all of the TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL settings from
all of your configuration files.
|
From: David E. W. <da...@ki...> - 2008-07-02 05:24:55
|
On Jul 1, 2008, at 17:43, Gordon Messmer wrote:
> Did you migrate your old configuration or are you using the default?
I updated my configuration with the changes in the default config, but
kept a few things.
> The default configuration can't help you if you aren't using it. ;)
>
> Remove all of the TLS_PROTOCOL and TLS_STARTTLS_PROTOCOL settings from
> all of your configuration files.
Okay, I've done that and restarted, and now this works properly:
openssl s_client -starttls imap -connect localhost:143
But I'm still getting this error on my iPhone:
Cannot Get Mail
Operation could not be completed. (NSStreamSocketSSLErrorDomain
error -9844)
Which is just what I got before. However, the mail log just has:
Jul 1 22:23:15 crocker imapd: Connection, ip=[::ffff:67.160.131.113]
Jul 1 22:23:15 crocker imapd: LOGOUT, ip=[::ffff:67.160.131.113],
rcvd=22, sent=369
So now obviously something else is off. Any suggestions? I don't see
anything else relevant in my system log or auth log.
Thanks,
David
|
|
From: Gordon M. <yi...@eb...> - 2008-07-02 06:41:44
|
David E. Wheeler wrote:
> But I'm still getting this error on my iPhone:
>
> Cannot Get Mail
> Operation could not be completed. (NSStreamSocketSSLErrorDomain
> error -9844)
>
> Which is just what I got before.
I'm not sure where to look for Apple's documentation on that error code.
My first guess is that the CN in your SSL certificate doesn't match the
hostname that you're using in the client.
|
From: Jerry A. <jam...@gm...> - 2008-07-02 06:02:20
|
On Wed, Jul 2, 2008 at 12:24 AM, David E. Wheeler <da...@ki...> wrote:
> openssl s_client -starttls imap -connect localhost:143
You sure the iPhone does the same? Browsing I've done seems to lean
towards imapds (port 993).
> But I'm still getting this error on my iPhone:
>
> Cannot Get Mail
> Operation could not be completed. (NSStreamSocketSSLErrorDomain
> error -9844)
>
> Which is just what I got before. However, the mail log just has:
>
> Jul 1 22:23:15 crocker imapd: Connection, ip=[::ffff:67.160.131.113]
> Jul 1 22:23:15 crocker imapd: LOGOUT, ip=[::ffff:67.160.131.113],
> rcvd=22, sent=369
The iPhone connects through Comcast?
> So now obviously something else is off. Any suggestions? I don't see
> anything else relevant in my system log or auth log.
Which would indicate some kind of client problem...
jerry
--
"Your life is trite and jaded, boring and confiscated." - Twisted Sister
|
From: David E. W. <da...@ki...> - 2008-07-02 14:16:19
|
Well, I turned on my iPhone this morning and, lo and behold, it
downloaded my mail for the first time in months (since I built this
mail server). W00t!
Yes, it works with TLS on port 143. Yes, it connects from comcast, via
the wifi network in my house. And yes, I guess it was a client problem,
fixed with a reboot.
Best,
David
PS: I won't top reply from my phone again. :-)
Sent from my iPhone
On Jul 1, 2008, at 23:02, "Jerry Amundson" <jam...@gm...> wrote:
> On Wed, Jul 2, 2008 at 12:24 AM, David E. Wheeler <da...@ki...> wrote:
>> openssl s_client -starttls imap -connect localhost:143
>
> You sure the iPhone does the same? Browsing I've done seems to lean
> towards imapds (port 993).
>
>> But I'm still getting this error on my iPhone:
>>
>> Cannot Get Mail
>> Operation could not be completed. (NSStreamSocketSSLErrorDomain
>> error -9844)
>>
>> Which is just what I got before. However, the mail log just has:
>>
>> Jul 1 22:23:15 crocker imapd: Connection, ip=[::ffff:67.160.131.113]
>> Jul 1 22:23:15 crocker imapd: LOGOUT, ip=[::ffff:67.160.131.113],
>> rcvd=22, sent=369
>
> The iPhone connects through Comcast?
>
>> So now obviously something else is off. Any suggestions? I don't see
>> anything else relevant in my system log or auth log.
>
> Which would indicate some kind of client problem...
>
> jerry
>
> --
> "Your life is trite and jaded, boring and confiscated." - Twisted
> Sister