Discussion:
[courier-users] CourierMTA+StartSSL Free Certificate=no shared cipher
(too old to reply)
sergio
2014-08-15 14:18:10 UTC
Permalink
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error

courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: connect:
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

So maybe you can help to find error in openssl or maybe tell me about
really correct way to install my certificate in courier.

I'll be grateful for any help.
--
sergio bortsov

------------------------------------------------------------------------------
Matus UHLAR - fantomas
2014-08-15 15:18:40 UTC
Permalink
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
what are the TLS options from courier esmtpd and esmtps-ssl files?
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. -- Daffy Duck & Porky Pig

------------------------------------------------------------------------------
sergio
2014-08-15 19:18:41 UTC
Permalink
Post by Matus UHLAR - fantomas
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
what are the TLS options from courier esmtpd and esmtps-ssl files?
TLS_PROTOCOL="SSL23"
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!***@STRENGTH"
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/courier/esmtpd.pem
TLS_TRUSTCERTS=/etc/ssl/certs/startssl
--
sergii bortsov
t: 098 44 9 11 55
S: sergio.bortsov

------------------------------------------------------------------------------
Sam Varshavchik
2014-08-15 23:35:55 UTC
Permalink
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
So maybe you can help to find error in openssl or maybe tell me about
really correct way to install my certificate in courier.
I'll be grateful for any help.
I recall that StartSSL uses an intermediate cert. If so, you also need to
include their intermediate cert in the certificate file, either before or
after your certificate.
Sergio
2014-08-16 08:02:51 UTC
Permalink
Sam, really thank you. I added intermediate certificate and ssl tests passed successfully. Unfortunately, error no shared cipher always appear
during TLS transactions. but for now i'm happy )))
Sergio Bortsov
system administrator
0984491155
0952142400
skype sergio.bortsov
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
So maybe you can help to find error in openssl or maybe tell me about
really correct way to install my certificate in courier.
I'll be grateful for any help.
I recall that StartSSL uses an intermediate cert. If so, you also need to include their intermediate cert in the certificate file, either before or after your certificate.
------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
------------------------------------------------------------------------------
Matus UHLAR - fantomas
2014-08-16 15:41:44 UTC
Permalink
Post by sergio
Post by Matus UHLAR - fantomas
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
what are the TLS options from courier esmtpd and esmtps-ssl files?
TLS_PROTOCOL="SSL23"
oh! Thy did you disable tls1?
why the !MEDIUM ?

'DEFAULT:!LOW:!EXPORT' should be OK, if you don't the MEDIUM, add it
too...

check with "openssl ciphers -v 'SSLv3:TLSv1:HIGH:\!LOW:\!MEDIUM:\!EXP:\!NULL:\!***@STRENGTH'"
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

------------------------------------------------------------------------------
Sam Varshavchik
2014-08-16 16:13:01 UTC
Permalink
Post by Matus UHLAR - fantomas
Post by sergio
Post by Matus UHLAR - fantomas
Post by sergio
Hello all courier users!
I've successfully installed Courier 0.66.1 on Ubuntu 12.04. All is
working perfectly, but when I add free certificate from StartSSL and try
to use for imap and smtp I've got error
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
what are the TLS options from courier esmtpd and esmtps-ssl files?
TLS_PROTOCOL="SSL23"
oh! Thy did you disable tls1?
This setting should include TLS1. This is a peculiarity of the way OpenSSL
API works.

Loading...