On 07.05.2014 21:15, Sebastian Goodrick wrote:
> Hello
>
> I recently upgraded to dovecot 2.1.7 (as supplied with Debian Wheezy).
> All clients work as expected except for Outlook (2013 & 2010) on Win8
> with an SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on
> Win 7 work fine. On my previous dovecot version 1.2.13 all clients
> worked.)
> As far as I understand, one difference is the support for TLS1.2 and
> SSL3. And on the client side Win8 is now connecting through the
> Microsoft Unified Security Protocol Provider.
>
> My logs show these issues:
>
> Dovecot:
> May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3
> read client certificate A [78.42.x.x]
> May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3
> read client certificate A [78.42.x.x]
> May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3
> read client certificate A [78.42.x.x]
> May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0
> secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect
>
> Outlook 2013 (contains German, translation in []):
> IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143
> hergestellt. [A connection to port 143 is established with 'mail.xxx.de']
> [snip]
> IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
> LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN
> AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de
> [snip]
> IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login
> capabilities have more.
> IMAP: 12:30:02 [tx] ekum STARTTLS
> IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3
> IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now.
> IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider'
> wird eine sichere Verbindung ausgehandelt. [A secure connection is
> negotiated with 'Microsoft Unified Security Protocol Provider']
> IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2
> IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde
> geschlossen. [Connection to 'mail.xxx.de' has been closed.]
> IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5
> IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem
> Server hergestellt werden.", hr=2148322330 [Can't establish a secure
> connection with the server.]
>
> My settings for ssl_protocols and ssl_cipher_list are empty. Since it
> works with most clients, I assume no broken certificates or my dovecot
> configuration. The connection fails at the TLS/SSL handshake.
> Has anyone seen this behaviour, too? Is there a setting (for
> ssl_protocols and ssl_cipher_list) to support Outlook on Win8?
>
> Thanks, Sebastian
>
Before doing more analysis, triple-check that there are no auth problems with your setup.
Your log does not look like this, but don't ever trust Microsoft logs and their
mysteries; check the dove log too for auth problems. As ever, shut down any
antivirus, IMAP proxies and firewalls too for testing.

Set dove debug ssl to max verbose; perhaps use Wireshark etc. too.

From
http://forum.mailtraq.com/viewtopic.php?f=7&t=1913

...
I have been diagnosing the problem with Windows 8 and we think it has been identified, although we are still waiting for confirmation from Microsoft. It appears that Microsoft have changed the TLS security protocol requirements in the Unified Security Protocol Provider that ships with Windows 8.
...

Some other stuff:

http://technet.microsoft.com/de-de/office/aa374757%28v=vs.71%29
http://technet.microsoft.com/de-de/office/bb870930%28v=vs.71%29
http://support.microsoft.com/kb/245030

Perhaps I will run my own tests tomorrow and report again.

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
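
An added example, not part of the original thread: a small parser for the imap-login SSL warnings quoted in the first post, which decodes the `where=` value using the info-callback flag constants from OpenSSL's `ssl.h` and lists the handshakes that failed. The function names are hypothetical helpers; the sample lines are the ones from the post with the e-mail wrapping undone.

```python
import re

# OpenSSL info-callback "where" bits, as defined in openssl/ssl.h.
SSL_CB_FLAGS = {
    0x0001: "SSL_CB_LOOP", 0x0002: "SSL_CB_EXIT",
    0x0004: "SSL_CB_READ", 0x0008: "SSL_CB_WRITE",
    0x0010: "SSL_CB_HANDSHAKE_START", 0x0020: "SSL_CB_HANDSHAKE_DONE",
    0x1000: "SSL_ST_CONNECT", 0x2000: "SSL_ST_ACCEPT",
    0x4000: "SSL_CB_ALERT",
}

# Matches the two warning shapes seen in the post (with and without "ret=").
LINE_RE = re.compile(
    r"imap-login: Warning: SSL(?P<failed> failed)?: "
    r"where=(?P<where>0x[0-9a-fA-F]+)(?:, ret=(?P<ret>-?\d+))?: "
    r"(?P<state>.+?) \[(?P<rip>[^\]]+)\]\s*$"
)

def decode_where(where):
    """Return the names of all flag bits set in a 'where' value."""
    return [name for bit, name in sorted(SSL_CB_FLAGS.items()) if where & bit]

def parse_line(line):
    """Parse one imap-login SSL warning; return None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {
        "failed": m.group("failed") is not None,
        "flags": decode_where(int(m.group("where"), 16)),
        "ret": int(m.group("ret")) if m.group("ret") else None,
        "state": m.group("state"),
        "rip": m.group("rip"),
    }

def failed_handshakes(lines):
    """Return (remote_ip, handshake_state, flags) per 'SSL failed' line."""
    parsed = (parse_line(l) for l in lines)
    return [(p["rip"], p["state"], p["flags"]) for p in parsed if p and p["failed"]]

# Log lines from the original post, with the e-mail line wrapping undone.
SAMPLE = [
    "May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x]",
    "May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect",
]

if __name__ == "__main__":
    for rip, state, flags in failed_handshakes(SAMPLE):
        print(f"{rip}: handshake failed in state {state!r} ({' | '.join(flags)})")
```

Here `where=0x2002` decodes to `SSL_ST_ACCEPT | SSL_CB_EXIT`, meaning the server-side handshake routine returned, and the state string names the handshake step it had reached.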