problem using starttls with imap

problem using starttls with imap

[Pranav K. Tiwari]

I am trying to move to starttls because our IT now mandates use of SSL
to connect to IMAP.

I'm using 'No Gnus v0.6' on Windows. I have the following config:

;; TLS
(load "starttls")
(setq starttls-use-gnutls t
      nnimap-stream 'starttls
      nnimap-server-port 993)

When I try to connect, I see the following in the message buffer:
      
imap: Connecting to <server>...
Opening STARTTLS connection to `<server>'...
imap: Connecting to <server>...failed

And, then - nothing.

I sniffed the packets, and it appears that the client completes a 3-way
handshake with the server, but doesn't send anything after that. Any
ideas?

regards,
-p

      
-- 
Pranav Tiwari.

Re: problem using starttls with imap

[gdt]

Does your server use STARTTLS (the command) and TLS, or SSL?  The key
difference is that TLS is often negotiated from a regular connection
via STARTTLS, and SSL is usually used on a different port (993) from
the beginning.  Try using 'ssl for nnimap-stream.

-- 
	Greg Troxel <gdt@work.lexort.com>

Re: problem using starttls with imap

[Pranav K. Tiwari]

gdt@work.lexort.com writes:

> Does your server use STARTTLS (the command) and TLS, or SSL?  The key
> difference is that TLS is often negotiated from a regular connection
> via STARTTLS, and SSL is usually used on a different port (993) from
> the beginning.  Try using 'ssl for nnimap-stream.
>

Greg,

Yes, my server supports SSL, however, I don't have Windows client for
SSL. I was (wrongly) assuming that SSL support would imply TLS support
at the server's end.

Do you know if there are any free distributions of ssl client I can use
with ssl stream?

-p

Re: problem using starttls with imap

[gdt]

jpranav@cisco.com (Pranav K. Tiwari) writes:

> Yes, my server supports SSL, however, I don't have Windows client for
> SSL. I was (wrongly) assuming that SSL support would imply TLS support
> at the server's end.

It might well support TLS via STARTTLS, but try the regular imap port.

> Do you know if there are any free distributions of ssl client I can use
> with ssl stream?

I don't know - I don't use windows at all.  But this is probably a
FAQ.

-- 
	Greg Troxel <gdt@work.lexort.com>

Re: problem using starttls with imap

[Marcus Frings]

* jpranav@cisco.com (Pranav K. Tiwari) wrote:

> Do you know if there are any free distributions of ssl client I can use
> with ssl stream?

<URL:http://www.slproweb.com/products/Win32OpenSSL.html>

Regards,
Marcus
-- 
"Ich möchte die Pommes und die Cola behalten, aber ich möchte diesen Hamburger
wieder zurückschicken. Und wenn Ihr wieder Mayonnaise drauf tut, dann komm ich
zu Dir nach Hause, hack Dir die Beine ab, leg Feuer und seh zu, wie Du Dich auf
Deinen blutigen Stümpfen ins Freie schleppst, okay, Pierre?"

Re: problem using starttls with imap

[Pranav K. Tiwari]

gdt@work.lexort.com writes:

> jpranav@cisco.com (Pranav K. Tiwari) writes:
>
>> Yes, my server supports SSL, however, I don't have Windows client for
>> SSL. I was (wrongly) assuming that SSL support would imply TLS support
>> at the server's end.
>
> It might well support TLS via STARTTLS, but try the regular imap port.

imap port doesn't work either, so probably starttls is not
supported.

>
>> Do you know if there are any free distributions of ssl client I can use
>> with ssl stream?
>
> I don't know - I don't use windows at all.  But this is probably a
> FAQ.

Marcus pointed me to
<URL:http://www.slproweb.com/products/Win32OpenSSL.html> and I found a
working ssl client.

Now, I'm able to move one step further: the stream comes up. However,
emacs seems to hang at that point. I followed the code, and it appears
to be looping inside imap-open-ssl at the following lines (marked
with -->):

	  (with-current-buffer buffer
	    (goto-char (point-min))
-->	    (while (and (memq (process-status process) '(open run))
-->			(set-buffer buffer) ;; XXX "blue moon" nntp.el bug
-->			(goto-char (point-max))
-->			(forward-line -1)
-->			(not (imap-parse-greeting)))
-->			(not (imap-parse-greeting)))
-->	      (accept-process-output process 1)
-->	      (sit-for 1))

I'm not sure what it is waiting on. In the *imap* <server> bufer, I see:

* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (<server>) ready.

But, nothing after that. So, it appears that the stream was opened, but
gnus is expecting something it doesn't get.

Any ideas?
-p