Connection problem, using SSL

[jayjay69]

Hello there,

I'm trying to setup Roundcube, which seems to be a wonderfull tool, but i'm facing a problem :

I'm using SSL with : ssl://imaps.xxxx.com:993

but when i'm trying to log-in, i can see in the log :

[27-Sep-2007 18:05:53 +0200] IMAP Error: Could not connect to ssl://imaps.xxxxxx.com at port 993: Connection refused in on line 0


I tried with a non-ssl imap server, and it works...

Have anyone got an idea ?

Thx,

m.

[jayjay69]

If I want to get my mail through SSL, do I need to have an SSL Certificate on my server and accessing roundcube via :

https://mail.mydomain.com

Cheers !!

[kali]

You have several issues.

To run SSL - you need a certificate, most ideal is a certificate for the actual domain you are using and signed by a trusted signer (Verisign, Equifax etc.). Otherwise, clients may complain - either browser or email clients.

Second - imaps (port 993) is a direct access to secure imap protocol. You need your imap server to be listening on that port, and your firewall to allow inbound connections on that port. Finally, you need to be sure that imaps.xxx.com is a legitimate domain that resolves correctly.

That should get you started.

[tystars]

I'm having the same problem as jayjay69.

I'm able to connect using standard imap, but get a 'connection refused' error when connecting through imaps.

I've tested the connection with Outlook, and it connects fine through imaps on port 993.

Any ideas/suggestions would be greatly appreciated.

Thanks!

[r-i]

Know it has been a while since this was first posted but since I came across it searching for the answer to my IMAPS problem thought I would update it with what I have found for those coming after me.

Was basically in the same situation, IMAP would work, IMAPS wouldn't via Roundcube. IMAPS would work find using a desktop client.

Roundcube's error log would show:

Code: [Select]

PHP Warning: fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: SSL: Connection reset by peer in /var/www/html/roundcube/program/lib/imap.inc on line 468
PHP Warning: fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: Failed to enable crypto in /var/www/html/roundcube/program/lib/imap.inc on line 468
PHP Warning: fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: unable to connect to ssl://localhost:993 (Unknown error) in /var/www/html/roundcube/program/lib/imap.inc on line 468
Systems mail log would show:

Code: [Select]

imapd-ssl: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
imapd-ssl: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
It seems that the Roundcube implementation of IMAP does not support SSLv3 as a TLS Protocol. The IMAPD server that I was using was Courier which defaulted to allowing SSLv3 only on my system.

Editing imapd-ssl (found in /usr/lib/courier-imap/etc/ on a CentOS5 system) and changing the line

TLS_PROTOCOL=SSL3

to

TLS_PROTOCOL=SSL23

(# SSL23 - either SSLv2 or SSLv3)

and issuing a restart resulted in both my desktop clients and Roundcube webmail to connecting using IMAPS. The Courier config file lists other options that you can set this to and I have not investigated security implications that may be introduced by allowing SSLv2 or which other options might perform better. I imagine some more recent server implementations of IMAPS will favour a more recent TLS Protocol while others aim for highest compatibility. This might be why some are working perfectly out of the box and others not so much.

Hope this helps someone.

Russ

[w77459]

Ensure that if you change the IMAP port from 143 to 993 that you also add the protocol ssl:// to the front of the hostname in the config file, such as:

$rcmail_config['default_host'] = 'ssl://mail.mysite.com';
$rcmail_config['default_port'] = 993;

or else

$rcmail_config['default_host'] = 'mail.mysite.com';
$rcmail_config['default_port'] = 143;