Re: Eudora and ssl/tls and cyrus

From: Nick Simicich (no email)
Date: Thu Oct 04 2001 - 00:37:42 EDT


At 05:02 PM 10/3/2001 -0400, Ken Murchison wrote:
>Sorry about the late response, but I just got some time to look into
>this. Your fix allows Eudora to negotiate TLSv1, but does NOT fix the
>STARTTLS problem. I still can not get Eudora to do STARTTLS with an
>unmodified Cyrus.

Well, I just ran a bunch of tests, and I'm pretty sure I know what confused
me. If you simply change the connection method, it uses the old connection
method, until and unless you change the server name. Once you do that, it
will try and reconnect, but it is pretty badly hosed.

During testing, I got my client into a state where it would not make any
TLS connection. I tried a bunch of stuff. Finally, in desperation, I sent
a message to my tls protected smtp server, and then I was able to do at
least an alternate port connection.

But if you have made a connection, even if you turn off alternate port, it
still uses the alternate port. I think that was why I was confused.

>If you look closely at the log of your connection, you connected to an
>imaps daemon, meaning that you're doing what Eudora calls an "Alternate
>Port" connection (SSL wrapped IMAP on port 993).

Because it says service-imaps? Yep, that is what was happening, even though
I set it to "required, starttls". I assumed it had flipped back to the
primary port. I should have run ethereal on the network connection.

>So, we're back to square one -- Eudora is still broken.

Yep. The only way it works is on the alternate port, which, I guess, is
better than nothing.

>Ken
>
>
>Nick Simicich wrote:
> >
> > I just successfully got Eudora to negotiate TLS with Cyrus. This applies
> > to Eudora 5.1.
> >
> > A log extract which shows that I was able to connect in TLS is below ---
> > you will have to trust me that I did it from Eudora. The way to accomplish
> > this is to stop Eudora, and using an editor like emacs or notepad, edit the
> > eudora.ini file. In the [Settings] part of the file, find a entry labeled
> > "SSLReceiveVersion" If it is there, change the value specified to 0. If
> > it is not there, add a line reading
> >
> > SSLReceiveVersion=0
> >
> > Then start Eudora again.
> >
> > This parameter defaults to 6, which allows SSL Version 3 only. A setting
> > of 0 allows any of the settings it will speak. 7 forces TLS 1.0, other
> > settings force various other combinations. But 0 makes Eudora permissive
> > and allows it to speak what the other end wants to speak, thus allowing it
> > to use TLS version 1.0. Why Eudora decided to make this parameter default
> > to 6, I have no idea. I believe that this will allow Eudora 5.1 to talk to
> > an unmodified Cyrus.
> >
> > The FAQ should probably be changed to mention this parameter -- and maybe
> > when people contact Eudora it should be to ask that the parameter be changed.
> >
> > Sep 27 22:37:40 parrot master[30495]: about to exec /usr/cyrus/bin/imapd
> > Sep 27 22:37:40 parrot service-imaps[30495]: executed
> > Sep 27 22:37:40 parrot imapd[30495]: accepted connection
> > Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
> > Sep 27 22:37:45 parrot imapd[30495]: login: glock.squawk.com[208.176.124.157] nick CRAM-MD5+TLS User logged in
> > Sep 27 22:37:45 parrot imapd[30495]: seen_db: user nick opened /var/imap/user/n/nick.seen
> > Sep 27 22:37:45 parrot imapd[30495]: open: user nick opened INBOX
> >
> > --
> > We often hear of war described as if it were some kind of impersonal
> > affliction, such as the Black Plague or famine. The fact is that war is not
> > just something that happens, it is something that people make happen, and
> > they make it happen for reasons. As Clausewitz said, war is the continuation
> > of politics by other means. Exactly. War is neither a hurricane nor a flood.
> > It is, on the contrary, the cutting edge of ideology.
> > -- Jeff Cooper
> > Nick Simicich - - http://scifi.squawk.com/njs.html
>
>--
>Kenneth Murchison Oceana Matrix Ltd.
>Software Engineer 21 Princeton Place
>716-662-8973 x26 Orchard Park, NY 14127
>--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp

--
War is an ugly thing, but it is not the ugliest of things. The decayed and 
degraded state of moral and patriotic feeling which thinks that nothing is 
worth war is much worse. A man who has nothing for which he is willing to 
fight, nothing he cares about more than his own personal safety, is a 
miserable creature who has no chance of being free, unless made so by the 
exertions of better men than himself. -- John Stuart Mill
Nick Simicich - 
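
The log-reading point from this thread, as an added example that is not part of the original messages: a small Python parser that groups Cyrus syslog lines by PID and uses the `service-` name to tell an alternate-port (SSL-wrapped) session from a real STARTTLS upgrade. The service names `imap`/`imaps` are assumed to follow the usual cyrus.conf convention, and the log lines for PIDs 30511 and 30512 are constructed.

```python
import re

# Assumption: service names follow the common cyrus.conf convention, where
# "imaps" is imapd wrapped in SSL on port 993 and "imap" is the plain port.
WRAPPED_SERVICES = {"imaps"}

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TLS = re.compile(r"^starttls: (?P<proto>\S+) with cipher (?P<cipher>\S+) \(\d+/\d+ bits")
LOGIN = re.compile(r"^login: \S+ (?P<user>\S+) \S+ User logged in")

# First four lines: the thread's own log with wrapped lines rejoined.
# Remaining lines (PIDs 30511, 30512) are constructed for comparison.
SAMPLE_LOG = """\
Sep 27 22:37:40 parrot service-imaps[30495]: executed
Sep 27 22:37:40 parrot imapd[30495]: accepted connection
Sep 27 22:37:44 parrot imapd[30495]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
Sep 27 22:37:45 parrot imapd[30495]: login: glock.squawk.com[208.176.124.157] nick CRAM-MD5+TLS User logged in
Sep 27 22:40:02 parrot service-imap[30511]: executed
Sep 27 22:40:02 parrot imapd[30511]: accepted connection
Sep 27 22:40:03 parrot imapd[30511]: starttls: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) no authentication
Sep 27 22:40:04 parrot imapd[30511]: login: client.example[192.0.2.10] alice CRAM-MD5+TLS User logged in
Sep 27 22:41:10 parrot service-imap[30512]: executed
Sep 27 22:41:10 parrot imapd[30512]: accepted connection
Sep 27 22:41:11 parrot imapd[30512]: login: client.example[192.0.2.10] bob CRAM-MD5 User logged in
"""

def classify_sessions(log_text):
    service_by_pid, current, sessions = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, pid, msg = m["prog"], m["pid"], m["msg"]
        if prog.startswith("service-") and msg == "executed":
            service_by_pid[pid] = prog[len("service-"):]
        elif prog == "imapd" and msg == "accepted connection":
            current[pid] = {"service": service_by_pid.get(pid, "unknown"), "proto": None, "user": None}
            sessions.append(current[pid])
        elif prog == "imapd" and pid in current:
            if t := TLS.match(msg):
                current[pid]["proto"] = t["proto"]
            elif u := LOGIN.match(msg):
                current[pid]["user"] = u["user"]
    for s in sessions:
        # The "starttls:" line is logged for wrapped sessions too, so the
        # service name, not that line, identifies an alternate-port connection.
        wrapped = s["service"] in WRAPPED_SERVICES
        s["transport"] = "alternate port" if wrapped else ("STARTTLS" if s["proto"] else "cleartext")
    return sessions
```
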






