Re: problems with imap in 1.2.0
- From: Brian Stafford <brian stafford uklinux net>
- To: scayford terracom net
- Cc: balsa-list <balsa-list gnome org>
- Subject: Re: problems with imap in 1.2.0
- Date: Fri, 21 Sep 2001 08:51:14 +0100
On Fri, 21 September 05:49 Steve Cayford wrote:
> Hello. Balsa just keeps getting better.
>
> Unfortunately, I seemed to have missed something switching from 1.1.7 to
> 1.2.0. I have an imap mailbox (pointed at a communigate pro mail server)
> which now gives me the error:
>
> SSL failed: unspecified protocol error
> Could not negotiate TLS connection
Likely the IMAP client is trying to step up to TLS but there is a problem
with either the server or client certificates.
> Which is odd, because I'm not using ssl, or at least I have the ssl option
> unchecked and am using port 143.
I'm not familiar with the details of Balsa's IMAP client, but IMAP provides
a STARTTLS extension which is used to negotiate up from a clear-text connection
to using SSL/TLS. If the server offers the STARTTLS extension, presumably
the client will attempt to negotiate up.
> I thought I had the checked/unchecked
> thing mixed up, but when I check the ssl option and try to get mail it just
> spins waiting for a response and not getting one since the server is not
> listening on the imaps port
If a connection is attempted to a port where the server is not listening,
the failure to connect should be subjectively instant. However, firewalls
blocking ports can cause long timeouts if due care is not taken in their
configuration.

As an aside, modern IETF standards deprecate the use of the separate ports
strategy for SSL connections. When a protocol provides the STARTTLS command,
that is the preferred method to secure the connection.

When a choice is available, always use TLS, never use SSL. libmutt appears
to require TLS when negotiating up and will use SSL v2/3 when using the
separate ports method. SSL v2/3 should not be used because it is subject
to downgrade attacks due to having to support export-crippled servers.
Unlike SSL, TLS cannot negotiate a weaker cipher than requested by the user
and therefore is not subject to a downgrade attack.

Brian Stafford
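
The step-up behaviour presumed in the reply above, as an added example that is not part of the original message and is not Balsa or libmutt code: a client on port 143 reads the server's advertised capabilities and upgrades when STARTTLS is offered, even with the "ssl" box unchecked. The function names, the `require_tls` switch, the TLS 1.2 floor and the sample server lines are assumptions made for illustration.

```python
import re
import ssl

# Constructed sample server lines (not captured from any real server).
GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] server ready"
NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

# Matches an untagged "* CAPABILITY ..." response and the
# "[CAPABILITY ...]" response code inside an OK/PREAUTH greeting.
_CAP_RE = re.compile(
    r"^\* (?:CAPABILITY (?P<plain>.*)"
    r"|(?:OK|PREAUTH) \[CAPABILITY (?P<coded>[^\]]*)\])",
    re.IGNORECASE,
)


def parse_capabilities(line):
    """Return the upper-cased capability set from one untagged server line."""
    m = _CAP_RE.match(line.strip())
    if not m:
        return set()
    words = m.group("plain") or m.group("coded") or ""
    return {w.upper() for w in words.split()}


def plan_connection(caps, port=143, require_tls=False):
    """Decide the client's next step (hypothetical policy, see lead-in)."""
    if port == 993:
        return "implicit-tls"   # separate-port method: TLS from the first byte
    if "STARTTLS" in caps:
        return "starttls"       # negotiate up before sending credentials
    if require_tls or "LOGINDISABLED" in caps:
        return "abort"          # no upgrade offered: do not log in
    return "cleartext"


def tls_only_context():
    """Context for the upgrade that verifies the server certificate and
    refuses SSL v2/v3 (assumed floor: TLS 1.2)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```

With Python's `imaplib`, the context would be passed as `IMAP4.starttls(ssl_context=tls_only_context())`; a certificate problem then surfaces as a failed negotiation on port 143, which is the symptom reported in the quoted message.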