Problems with SSL connections after upgrades

Symptoms

If suddenly users are having trouble connecting to Courier IMAP or POP over SSL after upgrading, you may have SSL version problems.

You will find errors like the following in /var/log/syslog:

Outlook users get the following error from previous settings:

Outlook users get the following error from using the wizard to set up a new account:

Other IMAP clients likely give similar errors, but some will work.

You may also get errors trying to connect from the commandline:

Fix

What has happened is that recent versions of Courier like to use SSL version 3. Very few IMAP clients seem to want to talk SSLv3. You need to change your TLS_PROTOCOL configuration file variable, and possibly (if you have it) your SSL_PROTOCOL variable to allow SSL version 2.

In Courier versions 0.56 and above, you can specify both version 2 and version 3 at the same time:

In Courier versions before 0.56, you will have to specify version 2 only:

On Debian/Ubuntu systems, the relevant files are /etc/courier/courier-imap-ssl and /etc/courier/courier-pop-ssl.

Fix is due to this Debian bug message.

The English text of this page is dedicated to the public domain.