Re: [Dovecot] IPv6 & SSL

Fri, 05 Oct 2012 13:49:08 -0700 


Luigi Rosa wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I have a dual stack server with Dovecot 2.1.10 listening on v4 and v6

Dovecot has a Comodo SSL certificate issued via NameCheap that works as
expected with IPv4

in 10-ssl.conf I have enabled these configuraction directives:

ssl = yes
ssl_cert =<  /path/to/file.crt
ssl_key =<  /path/to/file.key
ssl_parameters_regenerate = 202 hours


If I connect to Dovecot using the IPv6 address of the server with Thunderbird
15.0.1 uising CRAM-MD5 averything is ok.
If I enable SSL _and_ IPv6 on Thunderbird I get this error:

How do you enable this in Thunderbird? If by "enabling IPv6" you mean 
you put in the IPv6 address in stead of the hostname, that's probably 
where you're wrong. The certificate contains your hostname, not the 
IP-address so the hostname verification check fails if you insert the 
IPv6 address (i.e. hostname.tld != 
2001:470:1f09:203:fdbf:508e:4a29:56c5so your connection fails).
I've verified this by changing the hostname to IPv6 in Thunderbird and 
got the same error as you do. You would get the same error if you 
configure the IPv4 address in TB.

Oct  5 20:05:04 mail dovecot: imap-login: Disconnected (no auth attempts in 1
secs): user=<>, rip=2001:470:1f09:203:fdbf:508e:4a29:56c5,
lip=2001:470:1f09:203::badd:ecaf, TLS: SSL_read() failed: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48,
session=<ZcMRtlPLqgAgAQRwHwkCA/2/UI5KKVbF>

This is a valid connection when I use the hostname:


2012-10-04T18:07:51.614187+02:00 mail dovecot: imap-login: Login: 
user=<user@domain>, method=CRAM-MD5, rip=yyyy:yyyy:::yyyy, 
lip=xxxx:xxxx:::xxxx, mpid=58179, TLS, TLSv1 with cipher RC4-MD5 
(128/128 bits)



Configure your DNS so your hostname points to both the IPv6 and IPv4 
address. Your client will take take whichever protocol is preferred 
(IPv4 or IPv6).


Rgds,
N.


Ciao,
luigi


- -- 
/

+--[Luigi Rosa]--
\

I will tell you a great secret, Captain. Perhaps the greatest of all
time. The molecules of your body are the same molecules that make up
this station and the nebula outside, that burn inside the stars
themselves. We are star stuff, we are the universe made manifest,
trying to figure itself out. As we have both learned, sometimes
the universe requires a change of perspective."
     --Delenn, "Distant Star", Babylon 5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -http://www.enigmail.net/

iEYEARECAAYFAlBvI50ACgkQ3kWu7Tfl6ZRBSACfRkp4FYpWaEZUQhIh0t6Vfs/I
JbcAoKGZ769yogYS7faCXKvPTuhQiHA8
=jxCB
-----END PGP SIGNATURE-----






















					Reply via email to