[Dovecot] ssl still not working

Farkas Levente lfarkas at bnap.hu
Wed May 21 11:40:44 EEST 2003 

Timo Sirainen wrote:
> On Thu, 2003-05-15 at 14:25, Farkas Levente wrote:
> 
>>hi,
>>I'm just download the latest cvs and try to use imaps. in mozilla I've 
>>got the following message window:
>>-----------------------------
>>mail.int.bppiac.hu received a message with incorrect Message 
>>Authentication Code. If the error occurs frequently, contact the website 
>>administrator.
>>-----------------------------
>>and there is only one OK button:-)
>>and this happens always. what can be the reason and what can I do?
>>thanks.
> 
> 
> If you set verbose_ssl = yes, I guess you'll see something like this in
> log file:
> 
> imap-login: SSL_accept() failed: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
> 
> I'm beginning to think that this has something to do with RSA keys ..
> because I don't provide it large enough RSA key and I don't create any
> temporary RSA keys. Or maybe the same with DH keys.
> 
> I wish someone with more understanding on SSL protocol wrote the SSL
> stuff to Dovecot :) I can only guess how they probably work.
> 
> My guess is that I should either generate a new temporary RSA key when
> it's asked (which I think would be very slow since every session might
> create new one) or that I pregenerated a few keys with specific sizes
> (512 and 1024bits?) and used only them, or let login process signal
> master process that we need a new key with bit size xyz, then wait for
> master process to create it and let all the new processes use it. I
> think the last one would work best.

here is the result:
-------------------
imap-login: May 21 10:35:39 Warning: SSL_accept() failed: 
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac [192.168.0.50]
imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50]
imap-login: May 21 10:35:39 Warning: SSL_accept() failed: 
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac [192.168.0.50]
imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50]
imap-login: May 21 10:35:39 Warning: SSL_accept() failed: 
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac [192.168.0.50]
imap-login: May 21 10:35:39 Info: Disconnected [192.168.0.50]
imap-login: May 21 10:35:43 Warning: SSL_accept() failed: 
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac [192.168.0.50]
imap-login: May 21 10:35:43 Info: Disconnected [192.168.0.50]
imap-login: May 21 10:35:43 Warning: SSL_accept() failed: 
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac [192.168.0.50]
imap-login: May 21 10:35:43 Info: Disconnected [192.168.0.50]
-------------------
this is with the latest patch (it's actualy the today cvs version).
I don't use dovecot's generated certs, I manualy generate certificate 
for all of our services https, imaps, vpn... with one common global CA 
for the whole company. ssl still not working.

-- 
   Levente                               "Si vis pacem para bellum!"

More information about the dovecot mailing list