FreeBSD Port: courier-imap-4.2.0 ssl failure on port 993

Mike Andrews mandrews at
Fri Oct 5 17:31:01 PDT 2007

Edward Buck wrote:
> Edward Buck wrote:
>> This is regarding the recent update courier-imap-4.2.0.
>> Not sure if something has changed in functionality or perhaps there was
>> an incompatible configuration change but the update broke my imaps
>> setup.  I admit that my SSL libraries might be the problem since there
>> was recently a security update for SSL.
>> I updated SSL using freebsd-update (binary updates) which before today
>> has been pretty reliable.  Afterwards, my old courier-imap still worked
>> fine (perhaps because it was still using the old libraries?). Then last
>> night, I updated courier and imaps stopped working (I don't run anything
>> on the standard imap port).
>> The error is:
>> Oct  5 09:40:00 kafka imapd-ssl: couriertls: connect: error:1408F10B:SSL
>> routines:SSL3_GET_RECORD:wrong version number
> Here's an update on this issue.  I forgot to mention earlier than the 
> system is FreeBSD 6.2 p8.
> The problem seems to be specific to imapd-ssl running on port 993.  I 
> didn't spend a lot of time troubleshooting different clients.  Previous 
> to the update, I used Thunderbird with SSL/port 993 without problems. 
> Strangely, Korn (KDE mail notifier) seemed to work okay on port 993.  It 
> could be a client thing but I suspect they just default to different SSL 
> versions.
> TLS works just fine on port 143, which is the configuration I've been 
> meaning to switch to for some time.  The update forced the issue and 
> thus, this problem is not really one anymore.  But for those who are 
> still using imaps on port 993, the update (either the courier-imap 
> update or the SSL update) may cause some problems.

I ran into this yesterday.  Changing TLS_PROTOCOL=SSL3 to =SSL23 in 
/usr/local/etc/courier-imap/imapd-ssl (and pop3d-ssl) fixed it.

In my case it was client-specific: Pine, and Nagios' check_imap plugin, 
would generate that exact error...  but Thunderbird 2.0 would be fine. 
I didn't test any other clients.

Some Googling showed that this was a change in Courier, not FreeBSD 
specific -- but it might be worth a note in /usr/ports/UPDATING?

More information about the freebsd-ports mailing list