<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
<br>
Hi,<br>
do a /usr/lib/ssl/misc/c_info of your server cert.<br>
Then check the CA who signed the cert, and then chain it to the
server cert.<br>
Also check your imapd logfile /var/log/imapd.log for tls problems.<br>
By now, I run all my kolab services in debug mode.<br>
So you could give it a try and tweak:<br>
<br>
<a class="moz-txt-link-freetext" href="File:/etc/default/kolab-server">File:/etc/default/kolab-server</a><br>
FLAGS="-l debug -d 9"<br>
<br>
/etc/default/wallace<br>
FLAGS="-l debug"<br>
<br>
/etc/default/cyrus-imapd<br>
Uncomment:<br>
#CYRUS_VERBOSE=1<br>
<br>
<br>
<br>
<br>
Rgds.<br>
<br>
Franz<br>
<br>
Am 28.03.15 um 14:17 schrieb Josh Janszen:<br>
</div>
<blockquote
cite="mid:CAERJD3wezo1Lv7ZrGxyn_Nyc_w72ZiX0Wm4tX0HVkQ-jOzxKCQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Thanks for your help with this issue. Roundcube is set for
tls and port 143, I will leave it that way because its local.<br>
<br>
</div>
<div>I may be having issues which files to use for the bundled
cert. My CA gave me these files, do i need to use all of them?<br>
<br>
AddTrustExternalCARoot.crt<br>
COMODORSADomainValidationSecureServerCA.crt<br>
COMODORSAAddTrustCA.crt<br>
<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Mar 28, 2015 at 6:16 AM, Franz
Skale <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:i.bin@dah.am" target="_blank">i.bin@dah.am</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div><br>
<br>
Hi Josh,<br>
it's not a SSL cipher problem.<br>
Check your default_host configuration in
/etc/roundcubemail/config.inc.php.<br>
Use TLS or SSL as option.<br>
Like:<br>
// IMAP Server Settings port 143 tls.<br>
$config['default_host'] = 'tls://localhost';<br>
<br>
Or use SSL:<br>
<br>
// IMAP Server Settings port 143 tls.<br>
$config['default_host'] = 'ssl://localhost:993';<br>
<br>
Check, that your cyrus installation works using openssl
client:<br>
<br>
openssl s_client -showcerts -connect localhost:143
-starttls imap<br>
<br>
Check the output certs and the tls handshake.<br>
<br>
Like:<br>
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br>
Server public key is 4096 bit<br>
Secure Renegotiation IS supported<br>
Compression: NONE<br>
Expansion: NONE<br>
SSL-Session:<br>
Protocol : TLSv1.2<br>
Cipher : ECDHE-RSA-AES256-GCM-SHA384<br>
Session-ID:
DA74F33938A5C2B82237AAC500BE66C8CA796191BB3583E73408C769322ED54F<br>
Session-ID-ctx:<br>
Master-Key:
90A0E4123162ECC9BAF2D8F05341F8CDECE3AF08330888833E4293CAF06977531354C1E99742F529537A82ABF0545258<br>
Key-Arg : None<br>
PSK identity: None<br>
PSK identity hint: None<br>
<br>
<br>
Try a login using your credentials:<br>
<br>
. login <username> <password><br>
<br>
If all is OK use ". logout" to logout from imap.<br>
<br>
If there's a problem with tls or ssl, check your cyrus
ssl configuration:<br>
<br>
tls_server_cert: /etc/ssl/certs/mail.example.com.crt<br>
tls_server_key: /etc/ssl/private/mail.example.com.key<br>
<br>
Be sure to add the ca bundle to the cert chain, when the
imap client refuses to accept the ssl connection.<br>
<br>
cat server.pem bundle.pem >
/etc/ssl/certs/mail.example.com.crt<br>
<br>
Try and report back<br>
<br>
Rgds.<br>
<br>
Franz<br>
<br>
<br>
<br>
<br>
<br>
Am 28.03.15 um 01:13 schrieb Josh Janszen:<br>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
I recently installed Kolab 3.4 on a clean
system. I then made my way to the secure
kolab server document. I followed all the
steps and verified all services are running
normally but when I got down to the Kolab
components and followed the steps everything
completed without error but now when I try
to log into roundcube I get this error
"Connection to storage server failed." and
my log files show;<br>
<br>
[27-Mar-2015 20:10:50] PHP Warning:
fgets(): SSL operation failed with code 1.
OpenSSL Error message$<br>
error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version
number in
/usr/share/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php
on line 200<br>
<br>
</div>
I have a feeling something with the last few
steps is causing issue or because of the
strictness of the allowed ciphers in the
previous steps<br>
<br>
<a moz-do-not-send="true"
href="https://docs.kolab.org/howtos/secure-kolab-server.html"
target="_blank">https://docs.kolab.org/howtos/secure-kolab-server.html</a><br>
<br>
</div>
Any help would be greatly appreciated,<br>
</div>
Josh<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
users mailing list
<a moz-do-not-send="true" href="mailto:users@lists.kolab.org" target="_blank">users@lists.kolab.org</a>
<a moz-do-not-send="true" href="https://lists.kolab.org/mailman/listinfo/users" target="_blank">https://lists.kolab.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>