I can't recall if we previously discussed it, but, why the fascination
with imaps, why not use TLS on 143, or wont that connect either? tried
pop3 TLS ? pop3s?
and when you test, use -CAfile /path/to/(startssl's)CA.pem
I see no auth mech statement, so using hte default is limited, IIRC,
login is re
auth_mechanisms = plain login
On 10/10/2013 10:51, Dan Langille wrote:
On Oct 9, 2013, at 6:33 PM, Noel Butler wrote:
On 10/10/2013 06:09, Eliezer Croitoru wrote:
I would imaging that 4k bits certificate handshake and validation can
take more then 1 sec..
Am I right about it?
hardly
and the size is not his problem.
he was given a test account on my network when I last saw this thread
(few weeks back?), that uses startssl, and 4096 certs, his mail.app
connected fine.
I would like to investigate that more if you like. Others have
experienced problem connected to my test server. I can't believe I've
created a non-functional Dovecot configuration.
One avenue I will purse: if I swap from 4096 to 2048, why does it work?
Here is a connection with a 4096 cert:
$ openssl s_ s_client -connect imaps.unixathome.org:993
CONNECTED(00000003)
depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0
s:/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel
Langille/CN=imaps.unixathome.org/emailAddress=postmas...@unixathome.org
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 2 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 2 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
---
Here is it with a 2048 cert:
$ openssl s_client -connect imaps.unixathome.org:993
CONNECTED(00000003)
depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0
s:/description=3Hs89se3p9RsmJBG/C=US/ST=Pennsylvania/L=Media/O=Daniel
Langille/CN=test1.langille.org/emailAddress=postmas...@langille.org
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 2 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 2 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
The only thing I change in the configuration is:
# MY KEYS
#ssl_cert = </usr/local/etc/ssl/dovecot.pem
#ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
# My 2048 key
ssl_cert = </usr/local/etc/ssl/2048/test1.langille.org.BUNDLE.cert
ssl_key = </usr/local/etc/ssl/2048/test1.langille.org.nopassword.key
Current configuration is:
# doveconf -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
args = scheme=SHA512-CRYPT /var/db/dovecot.users
driver = passwd-file
}
protocols = imap
service imap-login {
inet_listener imap {
address = 199.233.228.197
}
inet_listener imaps {
address = 199.233.228.197
}
}
ssl_ca = </usr/local/etc/ssl/sub.class2.server.ca.pem
ssl_cert = </usr/local/etc/ssl/2048/test1.langille.org.BUNDLE.cert
ssl_key = </usr/local/etc/ssl/2048/test1.langille.org.nopassword.key
userdb {
args = /var/db/dovecot.users
driver = passwd-file
}
verbose_proctitle = yes
