FreeBSD Port: courier-imap-4.2.0 ssl failure on port 993
Mike Andrews
mandrews at bit0.com
Fri Oct 5 17:31:01 PDT 2007
Edward Buck wrote:
> Edward Buck wrote:
>> This is regarding the recent update courier-imap-4.2.0.
>>
>> Not sure if something has changed in functionality or perhaps there was
>> an incompatible configuration change but the update broke my imaps
>> setup. I admit that my SSL libraries might be the problem since there
>> was recently a security update for SSL.
>>
>> I updated SSL using freebsd-update (binary updates) which before today
>> has been pretty reliable. Afterwards, my old courier-imap still worked
>> fine (perhaps because it was still using the old libraries?). Then last
>> night, I updated courier and imaps stopped working (I don't run anything
>> on the standard imap port).
>>
>> The error is:
>>
>> Oct 5 09:40:00 kafka imapd-ssl: couriertls: connect: error:1408F10B:SSL
>> routines:SSL3_GET_RECORD:wrong version number
>
> Here's an update on this issue. I forgot to mention earlier than the
> system is FreeBSD 6.2 p8.
>
> The problem seems to be specific to imapd-ssl running on port 993. I
> didn't spend a lot of time troubleshooting different clients. Previous
> to the update, I used Thunderbird with SSL/port 993 without problems.
> Strangely, Korn (KDE mail notifier) seemed to work okay on port 993. It
> could be a client thing but I suspect they just default to different SSL
> versions.
>
> TLS works just fine on port 143, which is the configuration I've been
> meaning to switch to for some time. The update forced the issue and
> thus, this problem is not really one anymore. But for those who are
> still using imaps on port 993, the update (either the courier-imap
> update or the SSL update) may cause some problems.
I ran into this yesterday. Changing TLS_PROTOCOL=SSL3 to =SSL23 in
/usr/local/etc/courier-imap/imapd-ssl (and pop3d-ssl) fixed it.
In my case it was client-specific: Pine, and Nagios' check_imap plugin,
would generate that exact error... but Thunderbird 2.0 would be fine.
I didn't test any other clients.
Some Googling showed that this was a change in Courier, not FreeBSD
specific -- but it might be worth a note in /usr/ports/UPDATING?
More information about the freebsd-ports
mailing list