[Dovecot] Trying to explain mutt+dovecot(ssl) to myself :(

Wilkinson, Alex alex.wilkinson at dsto.defence.gov.au
Mon Apr 23 16:37:38 EEST 2007

Hi all,

I have recently migrated my mail from courier-imap to dovecot.
In doing so, I finally configured mutt to connect to imaps (SSL).

In the end I got it all working. I then sat back and thought:
"I kinda don't understand the SSL/TLS part even though it works".
And I hate setting stuff up and not truly understanding the
mechanics of it.

So I started to write about it and am stuck. Can those that
_understand_ mutt+ssl have a read of what I wrote to myself and
give me your $00.02 worth (corrections etc).

    Trying to explain mutt+ssl and getting it all wrong

    * mutt(with openssl support built in) initiates with an "SSL-Client-Hello" to SSL on port 993
      i.e. mutt's capabilities (algorithms, SSL version etc).

    * dovecot:993 compares mutt's CipherSuites with its own. Of the CipherSuites mutt and dovecot
      have in common, dovecot:993 chooses the _most_ secure algorithm.

    * Dovecot:993 will then tell mutt what it has decided to use and assigns a Unique session ID.
      From now on all communication is via this ID.

    * Now that the CipherSuite is set between mutt and dovecot, dovecot sends its SSL certificate
      to mutt [/usr/local/share/dovecot/certs/dovecot.pem].
      mutt then uses dovecot's corresponding public key [/usr/local/share/dovecot/private/dovecot.pem]
      to verify that the certificate is authentic.

    * once mutt has verified that the certificate is authentic

    ... and here I got unstuck.
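
Editor's note: the following is an added example, not part of the original post or of mutt or dovecot. It stands in for the mutt/dovecot pair with a TLS server and client in one Python process over loopback, so the handshake steps above can be observed offline: the server holds the private key and sends only its certificate; the client verifies that certificate against a trust store containing the public certificate (not the private key), and only then reports the cipher and protocol version both sides agreed on. It assumes Python 3.7+ and an `openssl` command on PATH to generate a throw-away self-signed certificate.

```python
import os, socket, ssl, subprocess, tempfile, threading


def make_self_signed(dirpath):
    # Constructed throw-away server identity (uses the openssl CLI). cert.pem is
    # the public certificate the server sends; key.pem is the private key and
    # never leaves the server.
    cert, key = os.path.join(dirpath, "cert.pem"), os.path.join(dirpath, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key


def handshake(trust_server_cert):
    # One TLS handshake over loopback, server and client threads in one process.
    # Returns whether the client accepted the certificate, the cipher/version the
    # two sides agreed on, and the cipher the server saw for the same connection.
    result = {"verified": False, "cipher": None, "version": None, "server_cipher": None}
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv_ctx.load_cert_chain(cert, key)            # only the server holds key.pem
        cli_ctx = ssl.create_default_context()        # checks chain and hostname
        if trust_server_cert:
            cli_ctx.load_verify_locations(cafile=cert)  # trust anchor is the public cert
        listener = socket.socket()
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)

        def serve():
            conn, _ = listener.accept()
            try:
                with srv_ctx.wrap_socket(conn, server_side=True) as tls:
                    result["server_cipher"] = tls.cipher()[0]
            except OSError:        # client rejected the certificate and sent an alert
                pass

        t = threading.Thread(target=serve)
        t.start()
        try:
            with socket.create_connection(listener.getsockname()) as raw, \
                    cli_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                result.update(verified=True, cipher=tls.cipher()[0], version=tls.version())
        except ssl.SSLCertVerificationError:
            pass               # untrusted certificate: aborted before any IMAP data flows
        finally:
            t.join()
            listener.close()
    return result
```

Running `handshake(True)` shows the negotiated suite on both ends; `handshake(False)` shows the client refusing the server before any application data, which is the check mutt performs (against its own trusted certificate list) when it verifies dovecot's certificate.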



