[Notice] SSL for services with Courier - Windows 10 issue

  • Hi everyone,



    A little "issue" has been found and is going into further investigation.


    If you have SSL enabled for services with Courier (Dovecot isn't impacted) and are running the new Windows 10, at least on 3 test PCs (2 updated (Win7=>Win10 ; Win8.1=>Win10) and a fresh Win10 install), all are unable to connect to POP3/IMAP.


    From Windows events manager, we get an error with SChannel, which suggests a handshake failure.



    One possibility could be the cipher list ( @Nuxwin )



    YouTrack ticket created, Ref: https://youtrack.i-mscp.net/issue/IP-1401



    More information to come as we get it.

  • @f4Nm1Z9k2P



    I think it's a restricted cipher suites problem.. I'm currently downloading windaub 10 to investigate. Maybe you could help me figure it out if you already have Windows 10? If needed, I'll capture the SSL handshake with ethereal.


  • @Athar


    Could you try this:


    Shell-Script
        # mv /etc/courier/dhparams.pem /etc/courier/dhparams.pem.backup
        # openssl dhparam -out /etc/courier/dhparams.pem 2048

    Then, once done:

    • Make the permissions of the dhparams.pem file the same as the old one
    • Restart the imap-ssl/pop3-ssl services

    Then, once done:

    • Retry the connection through Outlook on your Windows 10 machine


    Thanks.


  • Windaub 10 - Installation in progress...




  • I'll die before the installation ends... Funking DSL...




  • @Athar


    I cannot confirm the problem..


    Environment


    Server

    • Ubuntu Precise Pangolin (12.04 LTS)
    • i-MSCP 1.2.x
    • MTA: Postfix (SSL enabled - self-signed certificate as generated by i-MSCP) - Default configuration
    • PO: Courier (SSL enabled - self-signed certificate as generated by i-MSCP) - Default configuration


    Client

    • Windows 10 pro
    • Outlook 2013 (Office 365)


    Below the logs from the server


    Here I send a mail from outlook to [email protected] which is a mail account that I've created through i-MSCP

    Shell-Script
        root@precise:/usr/local/src/imscp# tail -fn0 /var/log/mail.log
        Aug 4 05:11:57 precise postfix/smtpd[4177]: connect from unknown[192.168.1.100]
        Aug 4 05:11:57 precise postfix/smtpd[4177]: Anonymous TLS connection established from unknown[192.168.1.100]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
        Aug 4 05:11:57 precise postfix/smtpd[4177]: 3CC678EFB: client=unknown[192.168.1.100], sasl_method=DIGEST-MD5, [email protected]
        Aug 4 05:11:57 precise postfix/cleanup[4180]: 3CC678EFB: message-id=<[email protected]>
        Aug 4 05:11:57 precise postfix/qmgr[3935]: 3CC678EFB: from=<[email protected]>, size=2970, nrcpt=1 (queue active)
        Aug 4 05:11:57 precise postfix/pipe[4181]: 3CC678EFB: to=<[email protected]>, relay=maildrop, delay=0.06, delays=0.06/0/0/0, dsn=2.0.0, status=sent (delivered via maildrop service)
        Aug 4 05:11:57 precise postfix/qmgr[3935]: 3CC678EFB: removed
        Aug 4 05:11:59 precise postfix/smtpd[4177]: disconnect from unknown[192.168.1.100]


    Here, I refresh my mailbox to get the new message

    Shell-Script
        Aug 4 05:12:45 precise pop3d-ssl: Connection, ip=[::ffff:192.168.1.100]
        Aug 4 05:12:55 precise pop3d-ssl: LOGIN, user=[email protected], ip=[::ffff:192.168.1.100], port=[56178]
        Aug 4 05:12:55 precise pop3d-ssl: LOGOUT, user=[email protected], ip=[::ffff:192.168.1.100], port=[56178], top=0, retr=2943, rcvd=32, sent=3336, time=0, stls=1


    All is working as expected.


    I'll provide more info in a few minutes with screenshots....


  • @Athar


    Here, I post all relevant screenshots




    As you can see, the tests (last screenshot) are ok.


    I'll now try with Debian Jessie. I'll also try with outlook 2010.


    Note: Here, I've used the IP instead of smtp.domain.tld and pop3.domain.tld because my DNS was not available but I'll fix that and retry.


  • Ok... odd.


    If this server can be reached from the internet, I'll be curious to test this account on my PC too :)



    Edit: Regenerating the DHParam (as explained in post #4) made it work again for Windows 10 :D (and it's still working with Windows 7 xD)


    Thanks God @Nuxwin :D

    Edited once, last by Athar ().

  • @Athar


    You're welcome ;)


    Well, please update the related ticket too. I'll integrate the fix in the next release.


    BTW: My Ubuntu test server is not reachable through internet atm. Sorry.


    Refs:
