Hello,
We are trying to get Eudora 5.2 (win32) to talk to our IMAP 
server over TLS/SSL.  The server is: RedHat 7.3, Linux 2.4.18-3, 
OpenSSL 0.9.6g, (Washington U) IMAP 2002.RC7.  Our clients using 
other win32 mail clients ( M$ OL, etc ) are not having any problems.

The relevant portions of our maillog are:
imapd[3166]: Unable to accept SSL connection, host=[209.128.117.3]
prospero imapd[3166]: SSL error status: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

I captured the packets for both a successful session (OK) and 
our troublesome Eudora sessions (FAIL) to isolate where the 
problem in negotiating the SSL session was occurring.  Key 
differences are:

"Client Hello" packets:
OK: Using TLS protocol, 22 cipher specs 
FAIL: Using SSLv2 protocol, 36 cipher specs
Both clients' cipher suites included (among others):
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
and
TLS_RSA_WITH_RC4_128_MD5 (0x0004)

Server Hello, Certificate
OK: server selects TLS_RSA_WITH_RC4_128_MD5 (0x0004)
FAIL: server selects TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

In both cases, client then responds with "Client Key 
Exchange, Change Cipher Spec, Encrypted Handshake".
However, while in the OK scenario the server responds 
with "Change Cipher Spec, Encrypted Handshake" and then 
data exchange begins, in the FAIL scenario the "Client Key 
Exchange, Change Cipher Spec, Encrypted Handshake" packet
is immediately followed by an "Alert Level: Fatal, Bad Record
MAC" message from the server.

Eudora responds with its internal "Connection refused" error
code and the mail logs record the aforementioned messages.

So far Eudora documentation and a search in the archives have
not yielded any solution.  Any help is appreciated.

Thanks,

Paul Ogden
Claresco Corporation
(510) 549-2290   
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
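
The capture comparison in the message above turns on two ClientHello framings: an SSLv2-format hello (the FAIL case) and a TLS record (the OK case). The following is an added example, not part of the original post, that tells the two apart from the raw bytes and lists the offered cipher specs. The sample packets are constructed, and the function names are hypothetical.

```python
import struct

# The two suites named in the post; anything else stays numeric.
SUITES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          0x0004: "TLS_RSA_WITH_RC4_128_MD5"}

def parse_client_hello(data: bytes) -> dict:
    """Return framing, offered version and cipher specs of a ClientHello."""
    try:
        if data[0] & 0x80 and data[2] == 0x01:
            # SSLv2 framing: 2-byte header (high bit set), message type,
            # version, three 16-bit lengths, then 3-byte cipher specs.
            version, spec_len, _sid, _chal = struct.unpack_from(">HHHH", data, 3)
            raw, width, framing = data[11:11 + spec_len], 3, "SSLv2"
        elif data[0] == 0x16 and data[5] == 0x01:
            # TLS framing: record header (5), handshake header (4),
            # client_version (2), random (32), session id, 2-byte suites.
            (version,) = struct.unpack_from(">H", data, 9)
            off = 43 + 1 + data[43]
            (spec_len,) = struct.unpack_from(">H", data, off)
            raw, width, framing = data[off + 2:off + 2 + spec_len], 2, "TLS"
        else:
            raise ValueError("not a ClientHello")
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != spec_len or spec_len % width:
        raise ValueError("bad cipher spec length")
    specs = [int.from_bytes(raw[i:i + width], "big") for i in range(0, spec_len, width)]
    return {"framing": framing, "version": version, "cipher_specs": specs}

def tls_suites(hello: dict) -> set:
    """16-bit suites offered; in SSLv2 framing these are the specs with a 0x00 first byte."""
    return {s & 0xFFFF for s in hello["cipher_specs"] if s >> 16 == 0}

# Constructed sample inputs (not the packets captured in the post).
V2_BODY = (b"\x01" + struct.pack(">HHHH", 0x0301, 9, 0, 16)
           + bytes.fromhex("00000a" "000004" "010080") + bytes(16))
V2_HELLO = struct.pack(">H", 0x8000 | len(V2_BODY)) + V2_BODY
TLS_BODY = (b"\x03\x01" + bytes(32) + b"\x00" + struct.pack(">H", 4)
            + bytes.fromhex("0004000a") + b"\x01\x00")
TLS_HS = b"\x01" + len(TLS_BODY).to_bytes(3, "big") + TLS_BODY
TLS_HELLO = b"\x16\x03\x01" + struct.pack(">H", len(TLS_HS)) + TLS_HS

if __name__ == "__main__":
    for name, pkt in (("FAIL-style", V2_HELLO), ("OK-style", TLS_HELLO)):
        h = parse_client_hello(pkt)
        shared = sorted(SUITES[s] for s in tls_suites(h) if s in SUITES)
        print(name, h["framing"], hex(h["version"]), len(h["cipher_specs"]), shared)
```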