On Fri, Jan 19, 2001 at 02:13:57PM -0700, Tres Hofmeister wrote:
> The build goes fine, but when I attempt to connect to our
> SSL-wrapped IMAP server, I get an error immediately after accepting
> the site certificate. For example:
>
> tres$ mutt -f '{imap/ssl}'
> [I see:
> -- Mutt: SSL Certificate check
> (r)eject, accept (o)nce
> ]
> I type "o", then Mutt fails with this error:
>
> SSL connection using (NONE)

This is not an error message, it's an informational message telling you
the SSL parameters used on the connection. Seeing 'NONE' there means that
the connection is *unencrypted*, and we all know that sending passwords
over an unencrypted link is not a good idea. Instead of 'NONE' you should
see something more like 'EDH-RSA-DES-CBC3-SHA' to indicate that the
connection is secure.
IIRC the reason for 'NONE' is that there's a slight mismatch between
client and server SSL protocols and versions. See below.

> Any suggestions?

Four words: RTFM =)
In this case the FM would be README.SSL:
----------8<--------------------8<----------
Troubleshooting
---------------
If after doing the above, you are unable to successfully connect, it
is likely that your IMAP server does not support one of the SSL protocols.
There exist three different protocols, TLSv1, SSLv2, and SSLv3. To check
each of these, you use the following:

    openssl s_client -host <imap server> -port <port> -verify -debug -no_tls1
    openssl s_client -host <imap server> -port <port> -verify -debug -no_ssl2
    openssl s_client -host <imap server> -port <port> -verify -debug -no_ssl3

You can also combine the options until you get a successful connect. Once
you know which options do not work, you can set the variables for non-working
protocols to no. The variables for the protocols are ssl_use_tlsv1,
ssl_use_sslv2, and ssl_use_sslv3.
----------8<--------------------8<----------
--
Tommi Komulainen [EMAIL PROTECTED]
GPG 1024D/68388EE6 6FD6 DD79 EB38 BF6F 3533 09C0 04A8 9871 6838 8EE6
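
The README.SSL procedure quoted above, automated as an added example (not part of the original message or of Mutt's README.SSL). The function names are hypothetical, and it assumes a probe counts as working when the "Cipher is" summary line printed by s_client names something other than (NONE); the -verify and -debug options are left out because only that summary line is parsed.

```shell
#!/bin/sh
# Added example: find the s_client -no_* combination that negotiates a
# cipher and print the matching muttrc settings. Function names are
# hypothetical; only flags quoted in README.SSL are used.

# cipher_of: read s_client output on stdin and print the cipher from the
# "Cipher is ..." summary line. "(NONE)" means no cipher was negotiated.
cipher_of() {
    sed -n 's/.*Cipher is \(.*\)$/\1/p' | head -n 1
}

# probe FLAGS...: one s_client run against $HOST:$PORT (set by the caller).
probe() {
    openssl s_client -host "$HOST" -port "$PORT" "$@" </dev/null 2>/dev/null
}

# muttrc_for: try flag combinations, fewest disabled protocols first, and
# print "set ssl_use_*=no" for each protocol disabled in the first
# combination that negotiates a real cipher.
muttrc_for() {
    for flags in "" "-no_tls1" "-no_ssl2" "-no_ssl3" \
                 "-no_tls1 -no_ssl2" "-no_tls1 -no_ssl3" "-no_ssl2 -no_ssl3"; do
        # $flags is left unquoted on purpose so it splits into options.
        cipher=$(probe $flags | cipher_of)
        case $cipher in
            ""|"(NONE)") continue ;;   # no handshake: try the next set
        esac
        echo "# negotiated $cipher with: ${flags:-no flags}"
        for f in $flags; do
            case $f in
                -no_tls1) echo "set ssl_use_tlsv1=no" ;;
                -no_ssl2) echo "set ssl_use_sslv2=no" ;;
                -no_ssl3) echo "set ssl_use_sslv3=no" ;;
            esac
        done
        return 0
    done
    echo "# no protocol combination negotiated a cipher"
    return 1
}

# Usage: sh thisfile <imap server> <port>
if [ $# -eq 2 ]; then
    HOST=$1 PORT=$2
    muttrc_for
fi
```

If every combination ends in (NONE), the problem is not a protocol mismatch that these three variables can work around.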