search for: s_client

...;> >> [root at maui:/var/log]$ watch 'tail -n40 maillog >> >> does not quiver when I try to connect > > That's suspicious. > > Let's exclude it is the client which causes the problem: Connect directly to > the IMAPS server on CLI. > > openssl s_client -connect <server ip>:993 > > You hopefully see a greeting message from the IMAP server. Then issue > > a1 LOGIN username password > > If you see a success message that you logged in, then everything is fine with > your cyrus-imapd. > > Logout by entering > >...

...$ watch 'tail -n40 maillog >>> >>> does not quiver when I try to connect >> >> That's suspicious. >> >> Let's exclude it is the client which causes the problem: Connect directly >> to the IMAPS server on CLI. >> >> openssl s_client -connect <server ip>:993 >> >> You hopefully see a greeting message from the IMAP server. Then issue >> >> a1 LOGIN username password >> >> If you see a success message that you logged in, then everything is fine >> with your cyrus-imapd. >>...

Excellent, thank you again. The openssl command I have tried (that used to work with Dovecot 2.2) is: openssl s_client -connect mail.privustech.com:143 I have also tried ? ? ? ??openssl s_client -connect mail.privustech.com:143 -servername mail.privustech.com I've posted?the full output from this to?https://pastebin.com/eUSarQdx I've posted te full output?from?dovecot -n to?https://pastebin.com/F8Ra C4bt...

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the oth...

...gt;>> >>>> does not quiver when I try to connect >>> >>> That's suspicious. >>> >>> Let's exclude it is the client which causes the problem: Connect >>> directly to the IMAPS server on CLI. >>> >>> openssl s_client -connect <server ip>:993 >>> >>> You hopefully see a greeting message from the IMAP server. Then >>> issue >>> >>> a1 LOGIN username password >>> >>> If you see a success message that you logged in, then everything >>>...

Hi! I'm trying to get information about a server certificate from a pigeonhole sieve server. Various connection attempts show only "wrong version number" or "unknown protocol" errors from openssl: $ openssl s_client -connect example.com:4190 { -tls1, -tls1_1, -tls1_2 } [ -starttls { imap, pop3 } ] None of these work. I'm trying to see who signed the server cert. How could I do this? Thanks, Daniel -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3...

...rver.tdl { ssl_cert = <server_rsa_crt.pem ssl_key = <server_rsa_key.pem ssl_cert = <server_ecdsa_crt.pem ssl_key = <server_ecdsa_key.pem } but it seems that dovecot takes the last one (ecdsa) and that rsa cert is not used. to check if booth are working, i check with openssl: openssl s_client openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256 for rsa and openssl s_client openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256 for ecdsa In...

On Tue, 11 Aug 2015, Alexander Dalloz wrote: > Am 11.08.2015 um 21:47 schrieb Dr J Austin: >>> >>> What does cyrus-imapd log? >>> >>> Alexander >>> >>> >> >> Where should I be looking ? > > /var/log/maillog is the default log file for the MAIL facility. Else check > your syslog() daemon configuration. > >

...; )| Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it (Server 2 - sync "server")| Error: doveadm client disconnected before handshake: <no error> If I try to connect to the server using openssl s_client, on the port 993 (imaps) the server correctly sends the full chain: $ openssl s_client -connect server1.fqdn:993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:...

trying to login squirrelmail using dovecot-1.1.17 on a qmail-server with vpopmail setup has also running your: courier-dovecot-migrate.pl --recursive --convert --overwrite here are the output from dovecot-log: Info: imap-login: Disconnected (no auth attempts): rip=192.168.1.220, lip=192.168.1.220, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

Hi we are using dovecot on secure port when i try to command openssl s_client -connect mail.mydomain:pop3s it works perfect. [image: Inline image 1] Also i check from https://www.sslshopper.com/ssl-checker.html web page i can see all correct ceritificate paths but i try to this command openssl s_client -connect mail.mydomain:pop3s -starttls imap it says CONNECTED...

Hello Brian, Sorry to my late answer, I did what you suggest previously This error suggests a problem with your certificate. If it used to work previously, then check it hasn't expired. openssl s_client -connect devsamba.lucas.ufes.br:636 copy-paste the certificate into a pem file, including begin/end lines openssl x509 -in mycert.pem -noout -enddate And check your root CA cert hasn't expired: openssl x509 -in /usr/local/samba/private/tls/cert.pem -noout -enddate I did the f...

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in...

Hi, I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has a valid Letsencrypt certificate but the problem also happens with a self-digned one. Only openssl s_client -connect localhost:993 works fine and fast, while all MUA's and telnet does not. Telnet timeouts waiting for banner after a minute or so: root at netuno:~# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1...

...mparing md5 hashes also no errors. So why >>> would openssl not accept (limit) keys is has generated and verified with >>> no error? >>> >>> >> try >> >> openssl s_server -cert /path/to/cert -key /path/to/key -port 5555 >> >> openssl s_client -connect localhost:5555 >> > Uhum, I see now. What a strange thing (bug?) openssl is doing. Thank you > for valuable time/effort having debug this. Seems I have to start the CA > all over... Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: [ brainpoolP256r1 | bra...

...dovecot lmtp. Unfortunely I have problem with certificate, postfix shows, 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath /etc/ssl/certs/ And I gets didn't found starttls in server response, try anyway... depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = Domain Control Validated - RapidSSL(R), CN = mail.active...

...situation where tls connections to the AD server on port 389 have trouble. I've added the CA cert to ldap.conf, and to the ca_root_nss file on this system. First what works: 1. ldapsearch commands with -Z to force use of tls (configured in /usr/local/etc/ldap.conf) 2. ssl connections with s_client to port 636 and to port 443 on the domain controller. 3. tls version 1 connections to port 389 using s_client with the -tls1 switch 4. gnutls-cli connections to port 636. Shows that the domain controller cert is trusted What fails: 1. s_client connections to port 389 if I don't give the -tl...

...READS -D_REENTRANT -DRSAref -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -L/space/local/lib s_server.o: In function `sv_body': s_server.o(.text+0x10a4): undefined reference to `shutdown...

...ted - IETF RFC 7027 specifies for TLS use: >> >> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >> >> And thus t1 would not work anyway. However, having tested r1 the result >> was just the same. >> >> A tcpdump during the openssl test [ s_server | s_client ] then revealed >> (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : >> >> Extension: supported_groups (len=10) >> ??? Type: supported_groups (10) >> ??? Length: 10 >> ??? Supported Groups List Length: 8 >> ??? Supported Groups (4 groups) >>...

...ssible to have this possibility through an SSL option or other ? >>> >>> Thank you. >>> >>> Florent >> ssl_protocols = !SSLv3 !SSLv2 >> >> Is that enough? > > I'm afraid not. I've got SSLv2 and SSLv3 disabled and with `openssl > s_client -connect $host:993` I still can successfully renegotiate by > passing a single 'R'. Are you use good ssl_cipher_list (https://wiki.mozilla.org/Security/Server_Side_TLS)? My config ## Service options # 10-ssl ssl = yes ssl_cert = </etc/pki/tls/certs/.crt ssl_key = </etc/pki/tls/pr...