Kolab 3.4 Secure Installation

Franz Skale i.bin at dah.am
Sat Mar 28 11:16:24 CET 2015



Hi Josh,
it's not a SSL cipher problem.
Check your default_host configuration in /etc/roundcubemail/config.inc.php.
Use TLS or SSL as option.
Like:
// IMAP Server Settings port 143 tls.
$config['default_host'] = 'tls://localhost';

Or use SSL:

// IMAP Server Settings port 143 tls.
$config['default_host'] = 'ssl://localhost:993';

Check, that your cyrus installation works using openssl client:

openssl s_client -showcerts -connect localhost:143 -starttls imap

Check the output certs and the tls handshake.

Like:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
DA74F33938A5C2B82237AAC500BE66C8CA796191BB3583E73408C769322ED54F
    Session-ID-ctx:
    Master-Key:
90A0E4123162ECC9BAF2D8F05341F8CDECE3AF08330888833E4293CAF06977531354C1E99742F529537A82ABF0545258
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None


Try a login using your credentials:

. login <username> <password>

If all is OK use ". logout" to logout from imap.

If there's a problem with tls or ssl, check your cyrus ssl configuration:

tls_server_cert: /etc/ssl/certs/mail.example.com.crt
tls_server_key: /etc/ssl/private/mail.example.com.key

Be sure to add the ca bundle to the cert chain, when the imap client
refuses to accept the ssl connection.

cat  server.pem bundle.pem > /etc/ssl/certs/mail.example.com.crt

Try and report back

Rgds.

Franz





Am 28.03.15 um 01:13 schrieb Josh Janszen:
> Hi,
>
> I recently installed Kolab 3.4 on a clean system. I then made my way
> to the secure kolab server document. I followed all the steps and
> verified all services are running normally but when I got down to the
> Kolab components and followed the steps everything completed without
> error but now when I try to log into roundcube I get this error
> "Connection to storage server failed." and my log files show;
>
> [27-Mar-2015 20:10:50] PHP Warning:  fgets(): SSL operation failed
> with code 1. OpenSSL Error message$
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in
> /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php
> on line 200
>
> I have a feeling something with the last few steps is causing issue or
> because of the strictness of the allowed ciphers in the previous steps
>
> https://docs.kolab.org/howtos/secure-kolab-server.html
>
> Any help would be greatly appreciated,
> Josh
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20150328/b501fb56/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4254 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20150328/b501fb56/attachment-0001.p7s>


More information about the users mailing list