Re: [GPGrelay-Talk] gpgrelay 0.95 and tls problem
Brought to you by:
dynacore
Menu
▾
▴
Re: [GPGrelay-Talk] gpgrelay 0.95 and tls problem
|
From: dynacore//.tSCc. <dyn...@te...> - 2004-05-29 13:57:55
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! > I have a problem with gpgrelay (0.95) and pop3 TLS. When I = use POP > over SSL (port 995) everything works fine, but when I use the > standard port (110) and TLS, gpgrelay says: > > POP3s - SSL/TLS No cipher was negotiated. Aborting ... > > while my Courier-POP3 Server (3.0.4) says: > > May 27 13:58:25 soup pop3d: couriertls: accept: = error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > > Can anybody help me? Well, GPGrelay is always only using StartTLS on the = standard-ports 25 and 110, so these Ports are always SMTP/ESMTP= or POP3 (although GPGrelay entitles them SMTPs/POP3s); on all = the other ports it first tries to start SSL-Session, if failed,= it retries using the StartTLS-Method. Maybe I should change the GUI to something I remember I've seen= done in Mozilla Mail: SSL/TLS: "Never", "Always", "If = available" (which would be technical speaking: plain, ssl and = starttls). The (minor) difference is: POP3s (usually on port 995) and = SMTPs (usually port 465) first negotiate SSL and then do their = (secured) protocol-chitchat, while the ESMTP and POP3 using = StartTLS enable SSL from within the protocol (so it's first = protocol-chitchat, then SSL-Negotiation and for the rest of the= session (secured) protocol-chitchat). So the "s"-Protocols are easy to enable using e.g. Stunnel, = while the others need some support from within the protocol, = but have the advantage of being backward compatible. Now I believe, you configured your server that way that it uses= POP3s on Port 110, thus GPGrelay connects with POP3 and tries = to issue StartTLS, but your server expects the SSL-Negotiation = immediately and thus it denies access to the POP3-Chitchat and = drops the connection. For GPGrelay this error is in the SSL-Phase, so it reports an = error there; so I guess the error-message should be more = verbose too. Bye! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.951 iD8DBQFAuJcRnTiKrQObWqkRAkHWAKC05Tlul8nuGutOD7t/TKu6VsvqqgCfScx6 t4Nub9adRG+++X0KOHgnTsw=3D =3D42ls -----END PGP SIGNATURE----- |